From 2cb6f28b3a12bb714bf14494d31eb6b6fff64b8b Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 3 May 2013 21:29:21 +0200
Subject: Updating the translations for the 1.10 beta1 release

---
 src/man/po/zh_CN.po | 1414 ++++++++++++++++++++++++++++-----------------------
 1 file changed, 783 insertions(+), 631 deletions(-)

(limited to 'src/man/po/zh_CN.po')

diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po
index 65de0d4d1..14cd42c40 100644
--- a/src/man/po/zh_CN.po
+++ b/src/man/po/zh_CN.po
@@ -3,14 +3,14 @@
 # This file is distributed under the same license as the sssd-docs package.
 #
 # Translators:
-# Christopher Meng <cickumqt@gmail.com>, 2012.
+# Christopher Meng <cickumqt@gmail.com>, 2012
 msgid ""
 msgstr ""
 "Project-Id-Version: SSSD\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-04-02 18:27+0300\n"
-"PO-Revision-Date: 2012-12-24 06:39+0000\n"
-"Last-Translator: Christopher Meng <cickumqt@gmail.com>\n"
+"POT-Creation-Date: 2013-05-03 21:13+0300\n"
+"PO-Revision-Date: 2013-04-02 16:37+0000\n"
+"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
 "Language-Team: Chinese (China) <trans-zh_cn@lists.fedoraproject.org>\n"
 "Language: zh_CN\n"
 "MIME-Version: 1.0\n"
@@ -206,7 +206,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:71 sssd.conf.5.xml:1706
 msgid "Section parameters"
 msgstr ""
 
@@ -243,19 +243,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:290
+#: sssd.conf.5.xml:98 sssd.conf.5.xml:292
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:293
+#: sssd.conf.5.xml:101 sssd.conf.5.xml:295
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:298
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:300
 msgid "Default: 3"
 msgstr "默认： 3"
 
@@ -270,23 +270,24 @@ msgid ""
 "A domain is a database containing user information. SSSD can use more "
 "domains at the same time, but at least one must be configured or SSSD won't "
 "start.  This parameter described the list of domains in the order you want "
-"them to be queried."
+"them to be queried.  A domain name should only consist of alphanumeric ASCII "
+"characters, dashes and underscores."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:124 sssd.conf.5.xml:1529
+#: sssd.conf.5.xml:126 sssd.conf.5.xml:1478
 msgid "re_expression (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
 msgid ""
 "Default regular expression that describes how to parse the string containing "
 "user name and domain into these components."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
 msgid ""
 "Each domain can have an individual regular expression configured. For some "
 "ID providers there are also default regular expressions.  See DOMAIN "
@@ -294,12 +295,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:141 sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:143 sssd.conf.5.xml:1525
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:144
+#: sssd.conf.5.xml:146
 msgid ""
 "The default <citerefentry> <refentrytitle>printf</refentrytitle> "
 "<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
@@ -307,19 +308,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:152
+#: sssd.conf.5.xml:154
 msgid ""
 "Each domain can have an individual format string configured.  see DOMAIN "
 "SECTIONS for more info on this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:158
+#: sssd.conf.5.xml:160
 msgid "try_inotify (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:161
+#: sssd.conf.5.xml:163
 msgid ""
 "SSSD monitors the state of resolv.conf to identify when it needs to update "
 "its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -328,7 +329,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169
+#: sssd.conf.5.xml:171
 msgid ""
 "There are some limited situations where it is preferred that we should skip "
 "even trying to use inotify. In these rare cases, this option should be set "
@@ -336,52 +337,52 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:175
+#: sssd.conf.5.xml:177
 msgid ""
 "Default: true on platforms where inotify is supported. False on other "
 "platforms."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
 msgid ""
 "Note: this option will have no effect on platforms where inotify is "
 "unavailable. On these platforms, polling will always be used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:186
+#: sssd.conf.5.xml:188
 msgid "krb5_rcache_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:191
 msgid ""
 "Directory on the filesystem where SSSD should store Kerberos replay cache "
 "files."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
 msgid ""
 "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
 "SSSD to let libkrb5 decide the appropriate location for the replay cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:199
+#: sssd.conf.5.xml:201
 msgid ""
 "Default: Distribution-specific and specified at build-time. "
 "(__LIBKRB5_DEFAULTS__ if not configured)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:208
 msgid "default_domain_suffix (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:209
+#: sssd.conf.5.xml:211
 msgid ""
 "This string will be used as a default domain name for all names without a "
 "domain name component. The main use case is environments where the primary "
@@ -391,16 +392,16 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:219
+#: sssd.conf.5.xml:221
 msgid ""
 "Please note that if this option is set all users from the primary domain "
 "have to use their fully qualified name, e.g. user@domain.name, to log in."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd-ldap.5.xml:1336 sssd-ldap.5.xml:1348
+#: sssd.conf.5.xml:227 sssd-ldap.5.xml:1336 sssd-ldap.5.xml:1348
 #: sssd-ldap.5.xml:1409 sssd-ldap.5.xml:2255 sssd-ldap.5.xml:2282
-#: sssd-krb5.5.xml:366 include/ldap_id_mapping.xml:145
+#: sssd-krb5.5.xml:388 include/ldap_id_mapping.xml:145
 #: include/ldap_id_mapping.xml:156
 msgid "Default: not set"
 msgstr ""
@@ -417,12 +418,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:236
+#: sssd.conf.5.xml:238
 msgid "SERVICES SECTIONS"
 msgstr "服务部分"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:240
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -431,81 +432,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:245
+#: sssd.conf.5.xml:247
 msgid "General service configuration options"
 msgstr "基本服务配置选项"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:247
+#: sssd.conf.5.xml:249
 msgid "These options can be used to configure any service."
 msgstr "这些选项可被用于配置任何服务。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:251
+#: sssd.conf.5.xml:253
 msgid "debug_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:255
+#: sssd.conf.5.xml:257
 msgid "debug_timestamps (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:258
+#: sssd.conf.5.xml:260
 msgid "Add a timestamp to the debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:261 sssd.conf.5.xml:441 sssd.conf.5.xml:841
+#: sssd.conf.5.xml:263 sssd.conf.5.xml:443 sssd.conf.5.xml:790
 #: sssd-ldap.5.xml:1482 sssd-ldap.5.xml:1608 sssd-ldap.5.xml:2043
-#: sssd-ldap.5.xml:2108 sssd-ldap.5.xml:2126 sssd-ipa.5.xml:264
-#: sssd-ipa.5.xml:299
+#: sssd-ldap.5.xml:2108 sssd-ldap.5.xml:2126 sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:392 sssd-ad.5.xml:150 sssd-ad.5.xml:257
 msgid "Default: true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266
+#: sssd.conf.5.xml:268
 msgid "debug_microseconds (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:271
 msgid "Add microseconds to the timestamp in debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:272 sssd.conf.5.xml:795 sssd.conf.5.xml:1683
+#: sssd.conf.5.xml:274 sssd.conf.5.xml:744 sssd.conf.5.xml:1632
 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1377 sssd-ldap.5.xml:1396
-#: sssd-ldap.5.xml:1551 sssd-ldap.5.xml:1839 sssd-ipa.5.xml:129
-#: sssd-ipa.5.xml:376 sssd-krb5.5.xml:244 sssd-krb5.5.xml:278
-#: sssd-krb5.5.xml:427
+#: sssd-ldap.5.xml:1551 sssd-ldap.5.xml:1839 sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:201 sssd-ipa.5.xml:469 sssd-ad.5.xml:169 sssd-krb5.5.xml:244
+#: sssd-krb5.5.xml:278 sssd-krb5.5.xml:449
 msgid "Default: false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:279
 msgid "timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:280
+#: sssd.conf.5.xml:282
 msgid ""
 "Timeout in seconds between heartbeats for this service. This is used to "
 "ensure that the process is alive and capable of answering requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:285 sssd-ldap.5.xml:1248
+#: sssd.conf.5.xml:287 sssd-ldap.5.xml:1248
 msgid "Default: 10"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303
+#: sssd.conf.5.xml:305
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:308
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -515,17 +516,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:315
+#: sssd.conf.5.xml:317
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:322
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:323
+#: sssd.conf.5.xml:325
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -533,18 +534,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330 sssd.conf.5.xml:346 sssd.conf.5.xml:613
-#: sssd.conf.5.xml:773 sssd.conf.5.xml:1005 sssd-ldap.5.xml:1099
+#: sssd.conf.5.xml:332 sssd.conf.5.xml:348 sssd.conf.5.xml:562
+#: sssd.conf.5.xml:722 sssd.conf.5.xml:954 sssd-ldap.5.xml:1099
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:335 sssd.conf.5.xml:994
+#: sssd.conf.5.xml:337 sssd.conf.5.xml:943
 msgid "force_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:338 sssd.conf.5.xml:997
+#: sssd.conf.5.xml:340 sssd.conf.5.xml:946
 msgid ""
 "If a service is not responding to ping checks (see the <quote>timeout</"
 "quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -554,40 +555,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:356
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:358
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:361
+#: sssd.conf.5.xml:363
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:366
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:368
+#: sssd.conf.5.xml:370
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:373
+#: sssd.conf.5.xml:375
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:376
+#: sssd.conf.5.xml:378
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -595,7 +596,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:382
+#: sssd.conf.5.xml:384
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -605,7 +606,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:394
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -614,17 +615,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:400
+#: sssd.conf.5.xml:402
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:405
+#: sssd.conf.5.xml:407
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408
+#: sssd.conf.5.xml:410
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -632,17 +633,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:414 sssd.conf.5.xml:819
+#: sssd.conf.5.xml:416 sssd.conf.5.xml:768
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:421
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:424
 msgid ""
 "Exclude certain users from being fetched from the sss NSS database. This is "
 "particularly useful for system accounts. This option can also be set per-"
@@ -651,334 +652,251 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:429
+#: sssd.conf.5.xml:431
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:434
+#: sssd.conf.5.xml:436
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:437
+#: sssd.conf.5.xml:439
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:446 sssd-ad.5.xml:132
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:455 sssd-ad.5.xml:141 sssd-krb5.5.xml:169
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:456 sssd-ad.5.xml:142 sssd-krb5.5.xml:170
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:459 sssd-ad.5.xml:145 sssd-krb5.5.xml:173
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460 sssd-ad.5.xml:146
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:463 sssd-ad.5.xml:149 sssd-krb5.5.xml:191
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464 sssd-ad.5.xml:150
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467 sssd-ad.5.xml:153
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468 sssd-ad.5.xml:154
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:471
-msgid "%o"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
-msgid "The original home directory retrieved from the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478 sssd-ad.5.xml:157 sssd-krb5.5.xml:203
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479 sssd-ad.5.xml:158 sssd-krb5.5.xml:204
-msgid "a literal '%'"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:449
+msgid "fallback_homedir (string)"
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:449 sssd-ad.5.xml:135
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:452
 msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:485 sssd-ad.5.xml:164
-msgid "This option can also be set per-domain."
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:457
+msgid ""
+"The available values for this option are the same as for override_homedir."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:490 sssd.conf.5.xml:514 sssd-ad.5.xml:169
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:463
 #, no-wrap
 msgid ""
 "override_homedir = /home/%u\n"
 "                            "
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:488 sssd.conf.5.xml:512 sssd-ad.5.xml:167 sssd-ad.5.xml:191
+#. type: Content of: <varlistentry><listitem><para>
+#: sssd.conf.5.xml:461 include/override_homedir.xml:44
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:494 sssd-ad.5.xml:173
-msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:500 sssd-ad.5.xml:179
-msgid "fallback_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503 sssd-ad.5.xml:182
-msgid ""
-"Set a default template for a user's home directory if one is not specified "
-"explicitly by the domain's data provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:508 sssd-ad.5.xml:187
-msgid ""
-"The available values for this option are the same as for override_homedir."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:518 sssd-ad.5.xml:197
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:467
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:473
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:527
+#: sssd.conf.5.xml:476
 msgid ""
 "Override the login shell for all users. This option can be specified "
 "globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:481
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:538
+#: sssd.conf.5.xml:487
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:541
+#: sssd.conf.5.xml:490
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
+#: sssd.conf.5.xml:493
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:497
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:553
+#: sssd.conf.5.xml:502
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:558
+#: sssd.conf.5.xml:507
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:510
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
+#: sssd.conf.5.xml:514
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:570
+#: sssd.conf.5.xml:519
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:522
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:578
+#: sssd.conf.5.xml:527
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:581
+#: sssd.conf.5.xml:530
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:534
 msgid "Default: /bin/sh"
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:590 sssd-ad.5.xml:203
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:539
 msgid "default_shell"
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593 sssd-ad.5.xml:206
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:542
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option supersedes any other shell options if it takes effect and can be "
 "set either in the [nss] section or per-domain."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599 sssd-ad.5.xml:212
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:548
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:606 sssd.conf.5.xml:766
+#: sssd.conf.5.xml:555 sssd.conf.5.xml:715
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:609 sssd.conf.5.xml:769
+#: sssd.conf.5.xml:558 sssd.conf.5.xml:718
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:567
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:621
+#: sssd.conf.5.xml:570
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:574 sssd-ldap.5.xml:654
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:632
+#: sssd.conf.5.xml:581
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:583
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:588
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:642
+#: sssd.conf.5.xml:591
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647 sssd.conf.5.xml:660
+#: sssd.conf.5.xml:596 sssd.conf.5.xml:609
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:602
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:656
+#: sssd.conf.5.xml:605
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:615
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:669
+#: sssd.conf.5.xml:618
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:623
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -986,59 +904,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:680 sssd.conf.5.xml:733 sssd.conf.5.xml:1630
+#: sssd.conf.5.xml:629 sssd.conf.5.xml:682 sssd.conf.5.xml:1579
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:635
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
+#: sssd.conf.5.xml:638
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:643
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:646
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:700
+#: sssd.conf.5.xml:649
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:653
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:656
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711 sssd.8.xml:63
+#: sssd.conf.5.xml:660 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:665
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:668
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1046,7 +964,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:725
+#: sssd.conf.5.xml:674
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1055,17 +973,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:688
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742 sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1086
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:694
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1073,63 +991,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:700 sssd.conf.5.xml:1089
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:705
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:761 sssd.8.xml:79
+#: sssd.conf.5.xml:710 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:730
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:732
 msgid "These options can be used to configure the sudo service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:736
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:739
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:803
+#: sssd.conf.5.xml:752
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:754
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:758
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:761
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1137,51 +1055,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:777
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:779
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:783
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:786
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:795
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:798
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:802
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:810
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:812
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1193,7 +1111,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:872
+#: sssd.conf.5.xml:821
 msgid ""
 "If the remote user does not exist in the cache, it is created. The uid is "
 "calculated based on the SID, trusted domains will have UPGs and the gid will "
@@ -1204,24 +1122,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:829
 msgid ""
 "If there are SIDs of groups from the domain the sssd client belongs to, the "
 "user will be added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:835
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:839
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:842
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1229,12 +1147,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:848
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:852
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1243,24 +1161,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:866
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:873
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:876
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:932
+#: sssd.conf.5.xml:881
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1269,40 +1187,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:888
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:894
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:897
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:901
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:955
+#: sssd.conf.5.xml:904
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958 sssd.conf.5.xml:1114 sssd.conf.5.xml:1216
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:907 sssd.conf.5.xml:1063 sssd.conf.5.xml:1165
+#: sssd.conf.5.xml:1182
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:910
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1314,14 +1232,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:923
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:928
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -1330,129 +1248,129 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:936
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:960
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:963
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1018
+#: sssd.conf.5.xml:967
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:973
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:976
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031 sssd.conf.5.xml:1044 sssd.conf.5.xml:1057
-#: sssd.conf.5.xml:1070 sssd.conf.5.xml:1083 sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:993 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1032 sssd.conf.5.xml:1046
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:986
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:989
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:999
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1002
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1012
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1015
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1025
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1079
+#: sssd.conf.5.xml:1028
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1038
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1041
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1052
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1055
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1059
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1068
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122
+#: sssd.conf.5.xml:1071
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -1461,17 +1379,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1078
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1083
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1145
+#: sssd.conf.5.xml:1094
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1480,33 +1398,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1101
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1107
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1110
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1165
+#: sssd.conf.5.xml:1114
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1168
+#: sssd.conf.5.xml:1117
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1514,8 +1432,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180 sssd.conf.5.xml:1259 sssd.conf.5.xml:1310
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1129 sssd.conf.5.xml:1208 sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1312
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1524,8 +1442,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1189 sssd.conf.5.xml:1268 sssd.conf.5.xml:1319
-#: sssd.conf.5.xml:1372
+#: sssd.conf.5.xml:1138 sssd.conf.5.xml:1217 sssd.conf.5.xml:1268
+#: sssd.conf.5.xml:1321
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1533,19 +1451,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1200
+#: sssd.conf.5.xml:1149
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1554,17 +1472,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1170
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1173
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1176
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -1572,19 +1490,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1187
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1241
+#: sssd.conf.5.xml:1190
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1245 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1252
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1592,7 +1510,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1201
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1600,30 +1518,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1225
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1228
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1231
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1288
+#: sssd.conf.5.xml:1237
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1291
+#: sssd.conf.5.xml:1240
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -1631,19 +1549,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1246
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1300
+#: sssd.conf.5.xml:1249
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1327
+#: sssd.conf.5.xml:1276
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1652,24 +1570,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1283
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1339
+#: sssd.conf.5.xml:1288
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1342
+#: sssd.conf.5.xml:1291
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1296
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1677,7 +1595,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1304
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1685,35 +1603,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1329
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1333
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1387
+#: sssd.conf.5.xml:1336
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1343
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1346
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1401
+#: sssd.conf.5.xml:1350
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1721,23 +1639,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1357
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1411 sssd.conf.5.xml:1465 sssd.conf.5.xml:1497
-#: sssd.conf.5.xml:1522
+#: sssd.conf.5.xml:1360 sssd.conf.5.xml:1414 sssd.conf.5.xml:1446
+#: sssd.conf.5.xml:1471
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1366
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1420
+#: sssd.conf.5.xml:1369
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -1745,7 +1663,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1375
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1753,31 +1671,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1383
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1437
+#: sssd.conf.5.xml:1386
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1392
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1446
+#: sssd.conf.5.xml:1395
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:1401
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1785,23 +1703,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1410
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1421
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1475
+#: sssd.conf.5.xml:1424
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1428
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1809,7 +1727,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1435
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1817,24 +1735,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1443
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1453
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1456
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1511
+#: sssd.conf.5.xml:1460
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1842,19 +1760,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1519
+#: sssd.conf.5.xml:1468
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1481
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1537
+#: sssd.conf.5.xml:1486
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -1863,29 +1781,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1491
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1494
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1548
+#: sssd.conf.5.xml:1497
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1500
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1505
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -1893,7 +1811,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
+#: sssd.conf.5.xml:1511
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -1901,14 +1819,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1569
+#: sssd.conf.5.xml:1518
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1579
+#: sssd.conf.5.xml:1528
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -1916,59 +1834,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1536
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1542
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1545
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1549
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1552
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606
+#: sssd.conf.5.xml:1555
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1558
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1612
+#: sssd.conf.5.xml:1561
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1615
+#: sssd.conf.5.xml:1564
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1621
+#: sssd.conf.5.xml:1570
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1624
+#: sssd.conf.5.xml:1573
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 "resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1976,56 +1894,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1585
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1588
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1592
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649
+#: sssd.conf.5.xml:1598
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1601
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1607
 msgid "case_sensitive (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661
+#: sssd.conf.5.xml:1610
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1615 sssd-ad.5.xml:227
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1621
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1624
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2034,30 +1952,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1638
 msgid "subdomain_homedir (string)"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1648
+msgid "%F"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1649
+msgid "flat (NetBIOS) name of a subdomain."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1692
+#: sssd.conf.5.xml:1641
 msgid ""
 "Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values."
+"<emphasis>override_homedir</emphasis> for info about possible values. In "
+"addition to those, the expansion below can only be used with "
+"<emphasis>subdomain_homedir</emphasis>.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1654
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1701
+#: sssd.conf.5.xml:1658
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:868
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2065,29 +1996,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1670
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1673
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1676
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1684
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1730
+#: sssd.conf.5.xml:1687
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2095,19 +2026,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1666
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1699
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1701
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -2115,73 +2046,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1751
+#: sssd.conf.5.xml:1708
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1754
+#: sssd.conf.5.xml:1711
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1715
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1720
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1723
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1771
+#: sssd.conf.5.xml:1728
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1733
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1736
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1783 sssd.conf.5.xml:1795
+#: sssd.conf.5.xml:1740 sssd.conf.5.xml:1752
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1745
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1748
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1757
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1760
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2189,17 +2120,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1768
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1773
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1819
+#: sssd.conf.5.xml:1776
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -2208,17 +2139,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1786
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1791
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1794
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -2226,17 +2157,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1844
+#: sssd.conf.5.xml:1801
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1849
+#: sssd.conf.5.xml:1806
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:1809
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -2244,18 +2175,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:1815
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1868 sssd-ldap.5.xml:2308 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:643 sssd-ad.5.xml:229 sssd-krb5.5.xml:441
+#: sssd.conf.5.xml:1825 sssd-ldap.5.xml:2308 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:736 sssd-ad.5.xml:276 sssd-krb5.5.xml:478
 msgid "EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:1831
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -2285,7 +2216,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1827
 msgid ""
 "The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -2326,7 +2257,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:75
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:78
 #: sssd-krb5.5.xml:63
 msgid "CONFIGURATION OPTIONS"
 msgstr ""
@@ -3059,7 +2990,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:765 sssd-ldap.5.xml:940
 #: sssd-ldap.5.xml:1031 sssd-ldap.5.xml:1872 sssd-ldap.5.xml:2198
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:591
 msgid "Default: cn"
 msgstr ""
 
@@ -3074,7 +3005,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:402
+#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:495
 msgid "Default: memberOf"
 msgstr ""
 
@@ -3880,7 +3811,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1495 sssd-ad.5.xml:213
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
@@ -3918,7 +3849,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1530 sssd-ipa.5.xml:274 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1530 sssd-ipa.5.xml:367 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
@@ -3933,7 +3864,7 @@ msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1542 sssd-ipa.5.xml:289 sssd-krb5.5.xml:418
+#: sssd-ldap.5.xml:1542 sssd-ipa.5.xml:382 sssd-krb5.5.xml:440
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
@@ -4806,14 +4737,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2315 sssd-simple.5.xml:139 sssd-ipa.5.xml:651
-#: sssd-ad.5.xml:237 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-sudo.5.xml:99
-#: sssd-krb5.5.xml:450 include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2315 sssd-simple.5.xml:139 sssd-ipa.5.xml:744
+#: sssd-ad.5.xml:284 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:487
+#: include/ldap_id_mapping.xml:63
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2328 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:252
+#: sssd-ldap.5.xml:2328 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:299
 #: sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
@@ -4859,8 +4790,8 @@ msgstr ""
 #: pam_sss.8.xml:45
 msgid ""
 "<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
+"Services daemon (SSSD). Errors and results are logged through "
+"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
@@ -5122,7 +5053,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:76
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:79
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5254,8 +5185,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116
-msgid "ipa_dyndns_update (boolean)"
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:156
+msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -5266,81 +5197,186 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:124 sssd-ad.5.xml:164
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:129
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_update</"
+"emphasis> in their config file."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
-msgid "ipa_dyndns_ttl (integer)"
+#: sssd-ipa.5.xml:141 sssd-ad.5.xml:175
+msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:144 sssd-ad.5.xml:178
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
-"ipa_dyndns_update is false this has no effect. This will override the TTL "
+"dyndns_update is false this has no effect. This will override the TTL "
 "serverside if set by an administrator."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:143
+#: sssd-ipa.5.xml:149
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:155
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:149
-msgid "ipa_dyndns_iface (string)"
+#: sssd-ipa.5.xml:161 sssd-ad.5.xml:189
+msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:152
+#: sssd-ipa.5.xml:164 sssd-ad.5.xml:192
 msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
+"Optional. Applicable only when dyndns_update is true. Choose the interface "
+"whose IP address should be used for dynamic DNS updates."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:157
+#: sssd-ipa.5.xml:169
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:175 sssd-ad.5.xml:197
 msgid "Default: Use the IP address of the IPA LDAP connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:163
+#: sssd-ipa.5.xml:181
+msgid "ipa_enable_dns_sites (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:184 sssd-ad.5.xml:138
+msgid "Enables DNS sites - location based service discovery."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:188
+msgid ""
+"If true and service discovery (see Service Discovery paragraph at the bottom "
+"of the man page)  is enabled, then the SSSD will first attempt location "
+"based discovery using a query that contains \"_location.hostname.example.com"
+"\" and then fall back to traditional SRV discovery. If the location based "
+"discovery succeeds, the IPA servers located with the location based "
+"discovery are treated as primary servers and the IPA servers located using "
+"the traditional SRV discovery are used as back up servers"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:207 sssd-ad.5.xml:203
+msgid "dyndns_refresh_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:210 sssd-ad.5.xml:206
+msgid ""
+"How often should the back end perform periodic DNS update in addition to the "
+"automatic update performed when the back end goes online.  This option is "
+"optional and applicable only when dyndns_update is true."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:217
+msgid "Default: 0 (disabled)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:223 sssd-ad.5.xml:219
+msgid "dyndns_update_ptr (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:226 sssd-ad.5.xml:222
+msgid ""
+"Whether the PTR record should also be explicitly updated when updating the "
+"client's DNS records.  Applicable only when dyndns_update is true."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:231
+msgid ""
+"This options should be False in most IPA deployments as the IPA server "
+"generates the PTR records automatically when forward records are changed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:237
+msgid "Default: False (disabled)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:243 sssd-ad.5.xml:233
+msgid "dyndns_force_tcp (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:246 sssd-ad.5.xml:236
+msgid ""
+"Whether the nsupdate utility should default to using TCP for communicating "
+"with the DNS server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:240
+msgid "Default: False (let nsupdate choose the protocol)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:256
 msgid "ipa_hbac_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:166
+#: sssd-ipa.5.xml:259
 msgid "Optional. Use the given string as search base for HBAC related objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:170
+#: sssd-ipa.5.xml:263
 msgid "Default: Use base DN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:176
+#: sssd-ipa.5.xml:269
 msgid "ipa_host_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:272
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183 sssd-ipa.5.xml:207 sssd-ipa.5.xml:226 sssd-ipa.5.xml:245
+#: sssd-ipa.5.xml:276 sssd-ipa.5.xml:300 sssd-ipa.5.xml:319 sssd-ipa.5.xml:338
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188
+#: sssd-ipa.5.xml:281
 msgid ""
 "If filter is given in any of search bases and "
 "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
@@ -5348,86 +5384,86 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:193 sssd-ipa.5.xml:212 include/ldap_search_bases.xml:23
+#: sssd-ipa.5.xml:286 sssd-ipa.5.xml:305 include/ldap_search_bases.xml:23
 #: include/ldap_search_bases_experimental.xml:23
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:200
+#: sssd-ipa.5.xml:293
 msgid "ipa_selinux_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:203
+#: sssd-ipa.5.xml:296
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:312
 msgid "ipa_subdomains_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:222
+#: sssd-ipa.5.xml:315
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:231
+#: sssd-ipa.5.xml:324
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:238
+#: sssd-ipa.5.xml:331
 msgid "ipa_master_domain_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:334
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:343
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:257 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:350 sssd-krb5.5.xml:232
 msgid "krb5_validate (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:353
 msgid ""
 "Verify with the help of krb5_keytab that the TGT obtained has not been "
 "spoofed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:360 sssd-ad.5.xml:260
 msgid ""
 "Note that this default differs from the traditional Kerberos provider back "
 "end."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:277
+#: sssd-ipa.5.xml:370
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:281
+#: sssd-ipa.5.xml:374
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:385
 msgid ""
 "Specifies if the host and user principal should be canonicalized when "
 "connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5435,12 +5471,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:305
+#: sssd-ipa.5.xml:398
 msgid "ipa_hbac_refresh (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:308
+#: sssd-ipa.5.xml:401
 msgid ""
 "The amount of time between lookups of the HBAC rules against the IPA server. "
 "This will reduce the latency and load on the IPA server if there are many "
@@ -5448,17 +5484,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:424
 msgid "Default: 5 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:321
+#: sssd-ipa.5.xml:414
 msgid "ipa_hbac_selinux (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:324
+#: sssd-ipa.5.xml:417
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -5466,12 +5502,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:337
+#: sssd-ipa.5.xml:430
 msgid "ipa_hbac_treat_deny_as (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:433
 msgid ""
 "This option specifies how to treat the deprecated DENY-type HBAC rules. As "
 "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5480,325 +5516,325 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:442
 msgid ""
 "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
 "users will be denied access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:354
+#: sssd-ipa.5.xml:447
 msgid ""
 "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
 "careful with this option, as it may result in opening unintended access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:452
 msgid "Default: DENY_ALL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:457
 msgid "ipa_hbac_support_srchost (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:367
+#: sssd-ipa.5.xml:460
 msgid ""
 "If this is set to false, then srchost as given to SSSD by PAM will be "
 "ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:464
 msgid ""
 "Note that if set to <emphasis>False</emphasis>, this option casuses filters "
 "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:382
+#: sssd-ipa.5.xml:475
 msgid "ipa_automount_location (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:385
+#: sssd-ipa.5.xml:478
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:481
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:488
 msgid "ipa_netgroup_member_of (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:491
 msgid "The LDAP attribute that lists netgroup's memberships."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:500
 msgid "ipa_netgroup_member_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:503
 msgid ""
 "The LDAP attribute that lists system users and groups that are direct "
 "members of the netgroup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:415 sssd-ipa.5.xml:510
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:603
 msgid "Default: memberUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:420
+#: sssd-ipa.5.xml:513
 msgid "ipa_netgroup_member_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:423
+#: sssd-ipa.5.xml:516
 msgid ""
 "The LDAP attribute that lists hosts and host groups that are direct members "
 "of the netgroup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427 sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:520 sssd-ipa.5.xml:615
 msgid "Default: memberHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:432
+#: sssd-ipa.5.xml:525
 msgid "ipa_netgroup_member_ext_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:435
+#: sssd-ipa.5.xml:528
 msgid ""
 "The LDAP attribute that lists FQDNs of hosts and host groups that are "
 "members of the netgroup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:532
 msgid "Default: externalHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:444
+#: sssd-ipa.5.xml:537
 msgid "ipa_netgroup_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:447
+#: sssd-ipa.5.xml:540
 msgid "The LDAP attribute that contains NIS domain name of the netgroup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:544
 msgid "Default: nisDomainName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:457
+#: sssd-ipa.5.xml:550
 msgid "ipa_host_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:460 sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:553 sssd-ipa.5.xml:576
 msgid "The object class of a host entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:463 sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:556 sssd-ipa.5.xml:579
 msgid "Default: ipaHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:561
 msgid "ipa_host_fqdn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:564
 msgid "The LDAP attribute that contains FQDN of the host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:474
+#: sssd-ipa.5.xml:567
 msgid "Default: fqdn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:573
 msgid "ipa_selinux_usermap_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:584
 msgid "ipa_selinux_usermap_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:494
+#: sssd-ipa.5.xml:587
 msgid "The LDAP attribute that contains the name of SELinux usermap."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:596
 msgid "ipa_selinux_usermap_member_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:506
+#: sssd-ipa.5.xml:599
 msgid ""
 "The LDAP attribute that contains all users / groups this rule match against."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:608
 msgid "ipa_selinux_usermap_member_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:611
 msgid ""
 "The LDAP attribute that contains all hosts / hostgroups this rule match "
 "against."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:620
 msgid "ipa_selinux_usermap_see_also (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:530
+#: sssd-ipa.5.xml:623
 msgid ""
 "The LDAP attribute that contains DN of HBAC rule which can be used for "
 "matching instead of memberUser and memberHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:628
 msgid "Default: seeAlso"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:633
 msgid "ipa_selinux_usermap_selinux_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543
+#: sssd-ipa.5.xml:636
 msgid "The LDAP attribute that contains SELinux user string itself."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:547
+#: sssd-ipa.5.xml:640
 msgid "Default: ipaSELinuxUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:645
 msgid "ipa_selinux_usermap_enabled (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
+#: sssd-ipa.5.xml:648
 msgid ""
 "The LDAP attribute that contains whether or not is user map enabled for "
 "usage."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:559
+#: sssd-ipa.5.xml:652
 msgid "Default: ipaEnabledFlag"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:657
 msgid "ipa_selinux_usermap_user_category (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
+#: sssd-ipa.5.xml:660
 msgid "The LDAP attribute that contains user category such as 'all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:571
+#: sssd-ipa.5.xml:664
 msgid "Default: userCategory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:576
+#: sssd-ipa.5.xml:669
 msgid "ipa_selinux_usermap_host_category (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579
+#: sssd-ipa.5.xml:672
 msgid "The LDAP attribute that contains host category such as 'all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:676
 msgid "Default: hostCategory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:681
 msgid "ipa_selinux_usermap_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:591
+#: sssd-ipa.5.xml:684
 msgid "The LDAP attribute that contains unique ID of the user map."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:688
 msgid "Default: ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:693
 msgid "ipa_host_ssh_public_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:603
+#: sssd-ipa.5.xml:696
 msgid "The LDAP attribute that contains the host's SSH public keys."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:607
+#: sssd-ipa.5.xml:700
 msgid "Default: ipaSshPubKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:616
+#: sssd-ipa.5.xml:709
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:711
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:715
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -5806,19 +5842,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:628
+#: sssd-ipa.5.xml:721
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
-"provider is configured implictly. In this case, if a subdomain request fails "
-"and indicates that the server does not support subdomains, i.e. is not "
+"provider is configured implicitly. In this case, if a subdomain request "
+"fails and indicates that the server does not support subdomains, i.e. is not "
 "configured for trusts, the IPA subdomains provider is disabled. After an "
 "hour or after the IPA provider goes online, the subdomains provider is "
 "enabled again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:738
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5826,7 +5862,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:745
 #, no-wrap
 msgid ""
 "    [domain/example.com]\n"
@@ -5898,35 +5934,37 @@ msgid ""
 "parameter in Active Directory. For details on this, see the <quote>ID "
 "MAPPING</quote> section below. If you want to disable ID mapping and instead "
 "rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/>"
+"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
+"entities served by SSSD are always treated as case-insensitive in the AD "
+"provider for compatibility with Active Directory's LDAP implementation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:83
+#: sssd-ad.5.xml:86
 msgid "ad_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:86
+#: sssd-ad.5.xml:89
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:94
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:102
 msgid "ad_server, ad_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:102
+#: sssd-ad.5.xml:105
 msgid ""
 "The comma-separated list of IP addresses or hostnames of the AD servers to "
 "which SSSD should connect in order of preference. For more information on "
@@ -5936,12 +5974,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:115
+#: sssd-ad.5.xml:118
 msgid "ad_hostname (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:118
+#: sssd-ad.5.xml:121
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -5949,22 +5987,54 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:124
+#: sssd-ad.5.xml:127
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:193
-#, no-wrap
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:135
+msgid "ad_enable_dns_sites (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:142
 msgid ""
-"fallback_homedir = /home/%u\n"
-"                            "
+"If true and service discovery (see Service Discovery paragraph at the bottom "
+"of the man page)  is enabled, the SSSD will first attempt to discover the "
+"Active Directory server to connect to using the Active Directory Site "
+"Discovery and fall back to the DNS SRV records if no AD site is found."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:159
+msgid ""
+"Optional. This option tells SSSD to automatically update the Active "
+"Directory DNS server with the IP address of this client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 3600 (seconds)"
+msgstr "默认： 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:248 sssd-krb5.5.xml:455
+msgid "krb5_use_enterprise_principal (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:251 sssd-krb5.5.xml:458
+msgid ""
+"Specifies if the user principal should be treated as enterprise principal. "
+"See section 5 of RFC 6806 for more details about enterprise principals."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:278
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5972,7 +6042,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:238
+#: sssd-ad.5.xml:285
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -5987,7 +6057,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:258
+#: sssd-ad.5.xml:305
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -5996,7 +6066,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:254
+#: sssd-ad.5.xml:301
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -6093,44 +6163,18 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-sudo.5.xml:92
 msgid ""
-"The following example illustrates setting up SSSD to download sudo rules "
-"from an IPA server. It is necessary to use the LDAP provider and set "
-"appropriate connection parameters to authenticate correctly against the IPA "
-"server, because SSSD does not have native support of IPA provider for sudo "
-"yet."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:100
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"config_file_version = 2\n"
-"services = nss, pam, sudo\n"
-"domains = EXAMPLE\n"
-"\n"
-"[domain/EXAMPLE]\n"
-"id_provider = ipa\n"
-"ipa_domain = example.com\n"
-"ipa_server = ipa.example.com\n"
-"ldap_tls_cacert = /etc/ipa/ca.crt\n"
-"\n"
-"sudo_provider = ldap\n"
-"ldap_uri = ldap://ipa.example.com\n"
-"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
-"ldap_sasl_mech = GSSAPI\n"
-"ldap_sasl_authid = host/hostname.example.com\n"
-"ldap_sasl_realm = EXAMPLE.COM\n"
-"krb5_server = ipa.example.com\n"
+"When the SSSD is configured to use the IPA provider, the sudo provider is "
+"automatically enabled. The sudo search base is configured to use the compat "
+"tree (ou=sudoers,$DC)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:99
 msgid "The SUDO rule caching mechanism"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:125
+#: sssd-sudo.5.xml:101
 msgid ""
 "The biggest challenge, when developing sudo support in SSSD, was to ensure "
 "that running sudo with SSSD as the data source provides the same user "
@@ -6141,7 +6185,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:133
+#: sssd-sudo.5.xml:109
 msgid ""
 "The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
 "new or were modified after the last update. Its primary goal is to keep the "
@@ -6150,7 +6194,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:115
 msgid ""
 "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
 "in the cache and replaces them with all rules that are stored on the server. "
@@ -6161,7 +6205,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:147
+#: sssd-sudo.5.xml:123
 msgid ""
 "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
 "more permission than defined. It is triggered each time the user runs sudo. "
@@ -6172,7 +6216,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:156
+#: sssd-sudo.5.xml:132
 msgid ""
 "If enabled, SSSD will store only rules that can be applied to this machine. "
 "This means rules that contain one of the following values in "
@@ -6180,37 +6224,37 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:163
+#: sssd-sudo.5.xml:139
 msgid "keyword ALL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:168
+#: sssd-sudo.5.xml:144
 msgid "wildcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:173
+#: sssd-sudo.5.xml:149
 msgid "netgroup (in the form \"+netgroup\")"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:178
+#: sssd-sudo.5.xml:154
 msgid "hostname or fully qualified domain name of this machine"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:183
+#: sssd-sudo.5.xml:159
 msgid "one of the IP addresses of this machine"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:188
+#: sssd-sudo.5.xml:164
 msgid "one of the IP addresses of the network (in the form \"address/mask\")"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:194
+#: sssd-sudo.5.xml:170
 msgid ""
 "There are many configuration options that can be used to adjust the "
 "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -6763,6 +6807,21 @@ msgstr ""
 msgid "krb5_ccname_template (string)"
 msgstr ""
 
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:11
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:170 include/override_homedir.xml:12
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:173 include/override_homedir.xml:15
+msgid "%U"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:174
 msgid "login UID"
@@ -6798,6 +6857,11 @@ msgstr ""
 msgid "home directory"
 msgstr ""
 
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:191 include/override_homedir.xml:19
+msgid "%d"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:192
 msgid "value of krb5ccache_dir"
@@ -6813,6 +6877,16 @@ msgstr ""
 msgid "the process ID of the SSSD client"
 msgstr ""
 
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:203 include/override_homedir.xml:34
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:204 include/override_homedir.xml:35
+msgid "a literal '%'"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:161
 msgid ""
@@ -6904,32 +6978,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:326
+#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:326 sssd-krb5.5.xml:363
 msgid "<emphasis>s</emphasis> for seconds"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:329
+#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:329 sssd-krb5.5.xml:366
 msgid "<emphasis>m</emphasis> for minutes"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:298 sssd-krb5.5.xml:332
+#: sssd-krb5.5.xml:298 sssd-krb5.5.xml:332 sssd-krb5.5.xml:369
 msgid "<emphasis>h</emphasis> for hours"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:301 sssd-krb5.5.xml:335
+#: sssd-krb5.5.xml:301 sssd-krb5.5.xml:335 sssd-krb5.5.xml:372
 msgid "<emphasis>d</emphasis> for days."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:304 sssd-krb5.5.xml:375
 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:308
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:379
 msgid ""
 "NOTE: It is not possible to mix units.  To set the renewable lifetime to one "
 "and a half hours, use '90m' instead of '1h30m'."
@@ -6948,8 +7022,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:322
 msgid ""
-"Request ticket with a with a lifetime, given as an integer immediately "
-"followed by a time unit:"
+"Request ticket with a lifetime, given as an integer immediately followed by "
+"a time unit:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -6972,66 +7046,67 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:354
-msgid "krb5_renew_interval (integer)"
+msgid "krb5_renew_interval (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:357
 msgid ""
 "The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
+"are renewed if about half of their lifetime is exceeded, given as an integer "
+"immediately followed by a time unit:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:384
 msgid "If this option is not set or is 0 the automatic renewal is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:372
+#: sssd-krb5.5.xml:394
 msgid "krb5_use_fast (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:375
+#: sssd-krb5.5.xml:397
 msgid ""
 "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
 "authentication. The following options are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:380
+#: sssd-krb5.5.xml:402
 msgid ""
 "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
 "option at all."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:384
+#: sssd-krb5.5.xml:406
 msgid ""
 "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
 "continue the authentication without it."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:411
 msgid ""
 "<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
 "server does not require fast."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:394
+#: sssd-krb5.5.xml:416
 msgid "Default: not set, i.e. FAST is not used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:397
+#: sssd-krb5.5.xml:419
 msgid "NOTE: a keytab is required to use FAST."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:400
+#: sssd-krb5.5.xml:422
 msgid ""
 "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
 "SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -7039,22 +7114,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:409
+#: sssd-krb5.5.xml:431
 msgid "krb5_fast_principal (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
+#: sssd-krb5.5.xml:434
 msgid "Specifies the server principal to use for FAST."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:421
+#: sssd-krb5.5.xml:443
 msgid ""
 "Specifies if the host and user principal should be canonicalized. This "
 "feature is available with MIT Kerberos 1.7 and later versions."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:464
+msgid "Default: false (AD provide: true)"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-krb5.5.xml:65
 msgid ""
@@ -7066,7 +7146,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:443
+#: sssd-krb5.5.xml:480
 msgid ""
 "The following example assumes that SSSD is correctly configured and FOO is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -7075,7 +7155,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:488
 #, no-wrap
 msgid ""
 "    [domain/FOO]\n"
@@ -7711,6 +7791,17 @@ msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+msgid "EXIT STATUS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+msgid ""
+"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
 msgid "sss_ssh_knownhostsproxy"
@@ -8396,3 +8487,64 @@ msgid ""
 "any autofs-related changes are made to the sssd.conf, you typically also "
 "need to restart the automounter daemon after restarting the SSSD."
 msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/override_homedir.xml:2
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:16
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:20
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:23
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:24
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:27
+msgid "%o"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:29
+msgid "The original home directory retrieved from the identity provider."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:5
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:41
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><programlisting>
+#: include/override_homedir.xml:46
+#, no-wrap
+msgid ""
+"override_homedir = /home/%u\n"
+"        "
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:50
+msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
+msgstr ""
-- 
cgit