summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2016-06-20 21:30:05 +0200
committerJakub Hrozek <jhrozek@redhat.com>2016-06-20 21:31:00 +0200
commitf45a20d6ba9e8d695ec3ab707f0cc082999aa4a3 (patch)
tree7dcf1cb35736e6b06bc7a9b82225077da74ba262
parenta9aa70887985d37985093f1299fc15b2e060b2a0 (diff)
downloadsssd-f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3.tar.gz
sssd-f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3.tar.xz
sssd-f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3.zip
Updating the translations for the 1.14 alpha releasesssd-1_14_0_alpha1sssd-1_13_90
Diffstat
-rw-r--r--po/LINGUAS1
-rw-r--r--po/bg.po813
-rw-r--r--po/ca.po1417
-rw-r--r--po/de.po829
-rw-r--r--po/es.po824
-rw-r--r--po/eu.po817
-rw-r--r--po/fr.po833
-rw-r--r--po/hu.po814
-rw-r--r--po/id.po813
-rw-r--r--po/it.po817
-rw-r--r--po/ja.po823
-rw-r--r--po/nb.po812
-rw-r--r--po/nl.po823
-rw-r--r--po/pl.po831
-rw-r--r--po/pt.po817
-rw-r--r--po/pt_BR.po1958
-rw-r--r--po/ru.po856
-rw-r--r--po/sssd.pot810
-rw-r--r--po/sv.po823
-rw-r--r--po/tg.po812
-rw-r--r--po/tr.po812
-rw-r--r--po/uk.po826
-rw-r--r--po/zh_CN.po812
-rw-r--r--po/zh_TW.po816
-rw-r--r--src/man/po/br.po2633
-rw-r--r--src/man/po/ca.po4667
-rw-r--r--src/man/po/cs.po2621
-rw-r--r--src/man/po/de.po2821
-rw-r--r--src/man/po/es.po2795
-rw-r--r--src/man/po/eu.po2615
-rw-r--r--src/man/po/fr.po3012
-rw-r--r--src/man/po/ja.po2765
-rw-r--r--src/man/po/lv.po2627
-rw-r--r--src/man/po/nl.po2639
-rw-r--r--src/man/po/po4a.cfg2
-rw-r--r--src/man/po/pt.po2656
-rw-r--r--src/man/po/pt_BR.po11506
-rw-r--r--src/man/po/ru.po2621
-rw-r--r--src/man/po/sssd-docs.pot2560
-rw-r--r--src/man/po/tg.po2617
-rw-r--r--src/man/po/uk.po2895
-rw-r--r--src/man/po/zh_CN.po2629
42 files changed, 50590 insertions, 26700 deletions
diff --git a/po/LINGUAS b/po/LINGUAS
index 67d68d820..526cd57b8 100644
--- a/po/LINGUAS
+++ b/po/LINGUAS
@@ -12,6 +12,7 @@ nb
nl
pl
pt
+pt_BR
ru
sv
tg
diff --git a/po/bg.po b/po/bg.po
index 90958cc45..a512f8ca4 100644
--- a/po/bg.po
+++ b/po/bg.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Bulgarian (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,161 +18,175 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "Задава ниво на подробност на debug лог записите"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "Включва час и дата в debug лога"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "Записва debug съобщенията в логфайлове"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr "Ping изчакване преди рестарт на услугата"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "Команда за стартиране на услугата"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr "Време за опити за връзка с Data Provider-и"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "SSSD услуги за стартиране"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "SSSD домейни за стартиране"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "Изчакване за съобщения, изпратени през SBUS"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr "Regex за намиране на потребителско име и домейн"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Printf-съвместим формат за изобразяване на пълно-квалифицирани имена"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "Изисква TLS проверка на сертификат"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+msgid "Files negative cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "Потребители, които SSSD изрично трябва да игнорира"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "Групи, които SSSD изрично трябва да игнорира"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "Да се показват ли филтрираните потребители в групи"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr "Стойността на полето парола, което NSS доставчикът трябва да върне"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr "Колко дни да се позволява кеширано влизане между влизания онлайн"
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr "Колко неуспешни опита за влизане са разрешени, когато сме офлайн"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -180,1243 +194,1272 @@ msgstr ""
"Колко време (в минути) да е забранено влизането, след достигане броя "
"неуспешни опити за влизане, когато сме офлайн"
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
#, fuzzy
msgid "Path to storage of trusted CA certificates"
msgstr "Файл, съдържащ CA сертификати"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Доставчик на самоличност"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Доставчик на удостоверяване"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Доставчик на контрол на достъп"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Доставчик на смяна на парола"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "Минимално ID на потребител"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "Максимално ID на потребител"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "Кеширай идентификационни данни за офлайн влизане"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "Съхранявай хешове на пароли"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr "Показвай потребители/групи в пълно -валифицирана форма"
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr "Ограничава или предпочита определена фамилия адреси при DNS търсения"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Колко дни да се пазят кешираните записи след последното успешно влизане"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Колко време да чакам за отговори от DNS при търсене на сървъри (секунди)"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr "Частта Домейн от DNS заявката за откриване на услуга"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr "Интерфейсът, чийто IP да се ползва за динамични DNS обновявания"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "IPA домейн"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "Адрес на IPA сървър"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "Име на хост на IPA клиент"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr "Дали автоматично да се обновява клиентския DNS запис във FreeIPA"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr "LDAP филтър за определяне права на достъп"
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Адрес на Kerberos сървър"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Kerberos област"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr "Директория за съхранение на кеша за данни за удостоверяване"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr "Местоположение на кеша за данни за удостоверяване на потребители"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "Местоположение на keytab за валидиране на данните за удостоверяване"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr "Разреши проверката на данните за удостоверяване"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr "Записва паролата ако е офлайн за по-късно удостоверяване"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr "Сървърът, на който работи услугата за смяна на парола ако не е на KDC"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI на LDAP сървъра"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr "Базовият DN по подразбиране"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Използваният тип схема на LDAP сървъра, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr "Подразбиращият се bind DN"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "Продължителност на опитите за свързване"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Продължителност на опитите за синхронни LDAP операции"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr "Продължителност на времето между опитите за връзка докато е офлайн"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr "Файл, съдържащ CA сертификати"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr "Път до директорията на CA сертификат"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "Изисква TLS проверка на сертификат"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "Задава за използване механизма sasl"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "Задаване на sasl authorization id за употреба"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr "keytab на Kerberos услуга"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr "Ползвай Kerberos auth за LDAP връзка"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr "Следвай LDAP референциите"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr "Продължителност на живот на TGT за LDAP връзка"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr "Продължителност на време за изчакване на заявка за търсене"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr "Продължителност на време между актуализации на изброяване"
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "Изисква TLS за ИД справките"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr "атрибут Потребителско име"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "атрибут UID"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr "атрибут Първичен GID"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "атрибут GECOS"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr "атрибут Домашна директория"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "атрибут Команден интерпретатор"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr "атрибут User principal (за Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Пълно име"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "атрибут членНа"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr "атрибут Момент на промяна"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+msgid "The LDAP group external member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr "Политика за определяне срок на валидност на парола"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "Списък разрешени потребители, разделени със запетая"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "Списък забранени потребители, разделени със запетая"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Подразбиращ се команден интерпретатор, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr "Място за домашните директории"
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "Продължава като демон (по подразбиране)"
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "Интерактивна работа (а не като демон)"
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Задаване на друг (не подразбиращия се) конфиг файл"
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "Ниво на debug"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr "SSSD не е стартиран като root."
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr "Възникнала е грешка, но не може да се намери описание."
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr "Неочаквана грешка при търсене на описание на грешка"
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Съобщение от сървъра:"
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Паролите не съвпадат"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr "Промяна на паролата от root не се поддържа."
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr "Удостоверен с кеширани идентификационни данни"
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ", кешираната парола ще изтече на: "
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr "Удостоверяването е забранено до: "
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "Системата е офлайн, промяна на паролата не е възможна"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Промяната на паролата не успя."
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Нова парола:"
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Отново новата парола:"
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Парола:"
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Текуща парола:"
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "Паролата Ви е остаряла. Сменете я сега."
@@ -1425,7 +1468,7 @@ msgstr "Паролата Ви е остаряла. Сменете я сега."
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Нивото на debug записи при работа"
@@ -1438,7 +1481,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr "Грешка при задаване локални настр.\n"
@@ -1870,88 +1913,96 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
+#: src/tools/sss_cache.c:644
+msgid "Invalidate all cached entries"
msgstr ""
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+msgid "Invalidate particular sudo rule"
+msgstr ""
+
+#: src/tools/sss_cache.c:677
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -1972,7 +2023,7 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr ""
@@ -1981,14 +2032,10 @@ msgstr ""
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr ""
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
diff --git a/po/ca.po b/po/ca.po
index b9d249f60..f2bcbdaea 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -1,7 +1,7 @@
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
-#
+#
# Translators:
# muzzol <muzzol@gmail.com>, 2012
# muzzol <muzzol@gmail.com>, 2012
@@ -13,201 +13,215 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-06-22 11:41+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
+"PO-Revision-Date: 2015-10-18 03:21-0400\n"
+"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
+"Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/"
+"ca/)\n"
+"Language: ca\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"PO-Revision-Date: 2015-09-29 10:18-0400\n"
-"Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n"
-"Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/ca/"
-")\n"
-"Language: ca\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "Estableix la verbositat del registre de depuració"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
-msgstr "Inclou les marques de temps als registres de depuració"
+msgstr "Inclou les marques temporals als registres de depuració"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-"Inclou els mil·lisegons a les marques de temps als registres de depuració"
+"Inclou els mil·lisegons a les marques temporals als registres de depuració"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "Escriu els missatges de depuració als fitxers dels registres"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr "El temps d'expiració del ping abans de reiniciar el servei"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
"El temps d'expiració entre les tres comprovacions fallides del ping i matar "
"forçadament el servei"
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "L'ordre per iniciar el servei"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
-msgstr ""
-"El nombre de vegaders per intentar la connexió als proveïdors de dades"
+msgstr "El nombre de vegades per intentar la connexió als proveïdors de dades"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
"El nombre de descriptors de fitxers que poden estar oberts per aquest "
"contestador"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr "El temps d'inactivitat abans de la desconnexió automàtica d'un client"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "Els serveis del SSSD a iniciar"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "Els dominis del SSSD a iniciar"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "El temps d'expiració per als missatges enviats a través del SBUS"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr "L'expressió regular per analitzar el nom d'usuari i el domini"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Format compatible amb printf per mostrar els FQN"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
"El directori del sistema de fitxers on el SSSD ha d'emmagatzemar els fitxers "
-"de la memòria auxiliar de la repetició de Kerberos."
+"de la memòria cau de repetició de Kerberos."
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr "El domini per afegir als noms sense un component de domini."
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
-msgstr "L'usuari a qui es disminueixen el permisos"
+msgstr "L'usuari a qui se li disminueixen els permisos"
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "Requereix verificació de certificat TLS"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-"La durada del temps d'expiració de l'enumeració de la memòria auxiliar (en "
+"Període de temps per a l'expiració de la memòria cau de les enumeracions (en "
"segons)"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-"La durada del temps d'expiració de l'actualització en rerefons de les "
-"entrades de la memòria auxiliar (en segons)"
+"Període de temps per a l'expiració de l'actualització en rerefons de les "
+"entrades de la memòria cau (en segons)"
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:97
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr ""
-"La durada del temps d'expiració de la memòria auxiliar, negativa (en segons)"
+"Període de temps per a l'expiració de la memòria cau negativa (en segons)"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+#, fuzzy
+msgid "Files negative cache timeout length (seconds)"
+msgstr ""
+"Període de temps per a l'expiració de la memòria cau negativa (en segons)"
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "Els usuaris que l'SSSD hauria d'ignorar explícitament"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "Els grups que l'SSSD hauria d'ignorar explícitament"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "Si els usuaris filtrats han d'aparèixer als grups"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr ""
-"El valor al camp de contrasenya que el proveïdor NSS hauria de respondre"
+"El valor del camp de la contrasenya que ha de retornar el proveïdor NSS"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-"Substitueix el valor del directori d'usuari del proveïdor d'identitat amb "
-"aquest valor"
+"Substitueix el valor de homedir del proveïdor d'identitat amb aquest valor"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-"Substitueix el valor buit del directori d'usuari del proveïdor d'identitat "
-"amb aquest valor"
+"Substitueix el valor buit de homedir del proveïdor d'identitat amb aquest "
+"valor"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
"Substitueix el valor del shell del proveïdor d'identitat amb aquest valor"
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
"La llista dels shells que els usuaris poden utilitzar per iniciar la sessió"
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
"La llista dels shells que es vetaran i se substituiran amb el shell "
"alternatiu"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-"Si un shell establert al directori central està permès però no es troba "
+"Si un shell emmagatzemat al directori central està permès però no es troba "
"disponible, utilitza aquesta alternativa"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr "El shell a utilitzar si el proveïdor no en llista cap"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
-msgstr "Quant de temps seran vàlids els registres a la memòria auxiliar"
+msgstr "Quant de temps seran vàlids els registres a la memòria cau"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
"Tots els espais, als noms dels grups o dels usuaris, se substituiran amb "
"aquest caràcter"
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-"Quant de temps s'ha de permetre entre els inicis de sessió en memòria "
-"auxiliar i els inicis de sessió en línia (en dies)"
+"Quant de temps s'ha de permetre entre els inicis de sessions en memòria cau "
+"i els inicis de sessions en línia (en dies)"
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
"Quants intents fallits d'inicis de sessió es permeten quan s'està "
"desconnectat"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -215,47 +229,67 @@ msgstr ""
"Quant de temps (en minuts) s'ha de denegar l'inici de sessió després d'haver "
"assolit offline_failed_login_attempts"
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr "Quins tipus de missatges es mostren a l'usuari durant l'autenticació"
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-"Quants segons s'ha de mantenir la informació en la memòria auxiliar per a "
-"les peticions PAM"
+"Quants segons s'ha de mantenir la informació en la memòria cau per a les "
+"peticions PAM"
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-"Quants dies abans de l'expiració de la contrasenya s'hauria de mostrar un "
-"avís"
+"Quants dies abans del venciment de la contrasenya s'hauria de mostrar una "
+"advertència"
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr "La llista dels uid o dels noms d'usuari de confiança"
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
"La llista dels dominis accessibles fins i tot per als usuaris que no són de "
"confiança."
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr "El missatge que es mostra quan venç el compte de l'usuari."
-#: src/config/SSSDConfig/__init__.py.in:94
+#: src/config/SSSDConfig/__init__.py.in:96
+#, fuzzy
+msgid "Message printed when user account is locked."
+msgstr "El missatge que es mostra quan venç el compte de l'usuari."
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "How many seconds will pam_sss wait for p11_child to finish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr "Si s'avaluen els atributs basats en temps a les regles sudo"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:103
+msgid "If true, SSSD will switch back to lower-wins ordering logic"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-"Si s'utilitzen els algoritmes hash als noms i adreces dels amfitrions al "
-"fitxer known_hosts"
+"Si s'esbocinen els noms i les adreces dels amfitrions al fitxer known_hosts"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
@@ -263,931 +297,991 @@ msgstr ""
"Quants segons s'ha de mantenir un amfitrió al fitxer known_hosts després que "
"s'hagi sol·licitat la seva clau"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
+#, fuzzy
+msgid "Path to storage of trusted CA certificates"
+msgstr "Fitxer que conté els certificats de l'AC"
+
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
"La llista dels UID o dels noms d'usuari que poden accedir al contestador del "
"PAC"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
"La llista dels UID o dels noms d'usuari que poden accedir al contestador de "
"l'InfoPipe"
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr "La llista dels atributs de l'usuari que l'InfoPipe pot publicar"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Proveïdor d'identitat"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Proveïdor d'autenticació"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Proveïdor de control d'accés"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Proveïdor de canvi de contrasenya"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr "Proveïdor de SUDO"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr "Proveïdor d'Autofs"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr "Proveïdor de càrrega de sessió"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr "Proveïdor d'identitat d'amfitrions"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
-msgstr "ID mínim d'usuari"
+msgstr "Id. mínim d'usuari"
-#: src/config/SSSDConfig/__init__.py.in:122
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
-msgstr "ID màxim d'usuari"
+msgstr "Id. màxim d'usuari"
-#: src/config/SSSDConfig/__init__.py.in:123
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
-msgstr "Activa l'enumeració de tots els usuaris/grups"
+msgstr "Habilita l'enumeració de tots els usuaris/grups"
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
-msgstr ""
-"Credencials en memòria auxiliar per als inicis de sessió fora de línia"
+msgstr "Credencials en memòria cau per als inicis de sessions sense connexió"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "Emmagatzema els codis hash de les contrasenyes"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr "Mostra els usuaris/grups en format plenament qualificat"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr "No incloure als membres dels grups en la recerca del grup"
-#: src/config/SSSDConfig/__init__.py.in:128
-#: src/config/SSSDConfig/__init__.py.in:135
-#: src/config/SSSDConfig/__init__.py.in:136
-#: src/config/SSSDConfig/__init__.py.in:137
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr ""
-"La durada del temps d'expiració de les entrades de la memòria auxiliar (en "
+"Període de temps per a l'expiració de les entrades de la memòria cau (en "
"segons)"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Restringeix o prefereix una família específica d'adreces quan es realitzi la "
"recerca del DNS"
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-"Quant de temps s'han de mantenir les entrades en la memòria auxiliar després "
-"de l'últim inici de sessió reeixit (en dies)"
+"Quant de temps s'han de mantenir les entrades en la memòria cau després de "
+"l'últim inici de sessió reeixit (en dies)"
-#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Temps d'expiració per a les respostes del DNS en la resolució dels servidors "
"(en segons)"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
-msgstr "La part de domini de la consulta DNS del descobriment del servei"
+msgstr "La part del domini de la consulta DNS del descobriment del servei"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
-msgstr "Substitueix el valor GID del proveïdor d'identitat amb aquest valor"
+msgstr ""
+"Substitueix el valor del GID del proveïdor d'identitat amb aquest valor"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr "Distingeix entre majúscules i minúscules als noms d'usuari"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr "Amb quina freqüència les entrades vençudes s'actualitzen al rerefons"
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr "Si s'actualitza automàticament l'entrada DNS del client"
-#: src/config/SSSDConfig/__init__.py.in:143
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
-msgstr ""
-"El TTL per aplicar a l'entrada DNS del client després d'actualitzar-ho"
+msgstr "El TTL per aplicar a l'entrada DNS del client després d'actualitzar-ho"
-#: src/config/SSSDConfig/__init__.py.in:144
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"La interfície amb la IP que s'hauria d'utilitzar per a les actualitzacions "
"dinàmiques DNS"
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr "Cada quant s'actualitzarà automàticament l'entrada DNS del client"
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
-msgstr ""
+msgstr "Si el proveïdor ha d'actualitzar explícitament així el registre PTR"
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr "Si la utilitat nsupdate per defecte ha d'utilitzar TCP"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-"Quin tipus d'autentificació s'ha d'utilitzar per realitzar l'actualització "
-"del DNS"
+"Quin tipus d'autenticació s'ha d'utilitzar per realitzar l'actualització del "
+"DNS"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:160
+#, fuzzy
+msgid "Override the DNS server used to perform the DNS update"
+msgstr ""
+"Quin tipus d'autenticació s'ha d'utilitzar per realitzar l'actualització del "
+"DNS"
+
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
-msgstr "Enumeració de control dels amfitrions de confiança"
+msgstr "Control de l'enumeració dels amfitrions de confiança"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr "Amb quina freqüència s'ha de refrescar la llista dels subdominis"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
+msgstr "Llista de les opcions que han de ser inherents a un subdomini"
+
+#: src/config/SSSDConfig/__init__.py.in:164
+msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "Domini IPA"
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "Adreça del servidor IPA"
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr "Adreça del servidor IPA de reserva "
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "Nom d'amfitrió del client IPA"
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr "Si s'actualitza automàticament l'entrada DNS del client a FreeIPA"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
-msgstr "Base de cerca pels objectes HBAC"
+msgstr "Base de cerca per als objectes relacionats amb HBAC"
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
"Quantitat de temps entre recerques de les regles HBAC contra el servidor IPA"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
+"Quantitat de temps en segons entre recerques de les assignacions SELinux "
+"contra el servidor IPA"
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Si s'estableix a fals, s'ignorarà l'argument de l'amfitrió proporcionat amb "
"PAM"
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-"La ubicació del muntador automàtic que aquest client IPA està utilitzant"
+"La ubicació de l'eina de muntatge automàtic que aquest client IPA està "
+"utilitzant"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-"Base de cerca per a l'objecte que conté informació sobre el domini de l'IPA"
+"Base de cerca per a l'objecte que conté la informació sobre el domini de "
+"l'IPA"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
"Base de cerca per als objectes que contenen informació sobre els intervals "
"d'id."
-#: src/config/SSSDConfig/__init__.py.in:168
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-"Habilita els llocs DNS - la localització es basa en el descobriment del "
-"servei"
+"Habilita els llocs DNS - el descobriment del servei es basa en la ubicació"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
-msgstr ""
+msgstr "Base de cerca per als contenidors de la vista"
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
-msgstr "Objectclass per veure els contenidors"
+msgstr "Objectclass per als contenidors de la vista"
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
-msgstr "Atribut amb el nom de la vista"
+msgstr "L'atribut amb el nom de la vista"
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
-msgstr ""
+msgstr "Objectclass per substituir els objectes"
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
-msgstr ""
+msgstr "L'atribut amb la referència a l'objecte original"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
-msgstr ""
+msgstr "Objectclass per als objectes de substitució d'usuari"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
-msgstr ""
+msgstr "Objectclass per als objectes de substitució de grup"
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr "Domini Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr "Adreça del servidor de l'Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr "Adreça del servidor de l'Active Directory de reserva"
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr "Nom d'amfitrió del client d'Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:183
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr "Filtre LDAP per determinar els privilegis d'accés"
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
-msgstr ""
+msgstr "Si s'utilitza el catàleg global per a les recerques"
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr "Mode d'operació per al control d'accés basat en GPO"
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
+"Quantitat de temps entre recerques de fitxers de polítiques GPO contra el "
+"servidor d'AD"
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
+"Noms dels serveis del PAM que s'assignen als ajusts de les polítiques "
+"(Deny)InteractiveLogonRight del GPO"
-#: src/config/SSSDConfig/__init__.py.in:188
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
+"Noms dels serveis del PAM que s'assignen als ajusts de les polítiques "
+"(Deny)RemoteInteractiveLogonRight del GPO"
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
-"PAM service names that map to the GPO (Deny)NetworkLogonRight policy "
-"settings"
+"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
+"Noms dels serveis del PAM que s'assignen als ajusts de les polítiques "
+"(Deny)NetworkLogonRight del GPO"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
+"Noms dels serveis del PAM que s'assignen als ajusts de les polítiques "
+"(Deny)BatchLogonRight del GPO"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
-"PAM service names that map to the GPO (Deny)ServiceLogonRight policy "
-"settings"
+"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
+"Noms dels serveis del PAM que s'assignen als ajusts de les polítiques "
+"(Deny)ServiceLogonRight del GPO"
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
+"Noms dels serveis del PAM als quals sempre se'ls garanteix l'accés basat en "
+"GPO"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
+"Noms dels serveis del PAM als quals sempre se'ls denega l'accés basat en GPO"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
+"Dret (permet o denega) predeterminat de l'inici de sessió a utilitzar per "
+"als noms dels serveis del PAM sense assignar"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
+msgstr "un lloc determinat per utilitzar amb el client"
+
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Adreça del servidor Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
-msgstr "Adreça de servidor Kerberos de reserva"
+msgstr "Adreça del servidor Kerberos de reserva"
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Reialme Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "Temps d'expiració de l'autenticació"
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr "Si es creen els fitxers kdcinfo"
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
-msgstr ""
+msgstr "Si es rebutgen les parts de la configuració del krb5"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
-msgstr "Directori per emmagatzemar la memòria auxiliar de les credencials"
+msgstr "Directori per emmagatzemar la memòria cau de les credencials"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
-msgstr "Ubicació de la memòria auxiliar de les credencials de l'usuari"
+msgstr "Ubicació de la memòria cau de les credencials de l'usuari"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "Ubicació de la clau per validar les credencials"
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
-msgstr "Activa la validació de credencials"
+msgstr "Habilita la validació de credencials"
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
-"Emmagatzema la contrasenya quan estigui fora de línia per autenticació en "
-"línia posterior"
+"Emmagatzema la contrasenya si s'està desconnectat per a l'autenticació "
+"posterior amb connexió"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr "Temps de vida renovable del TGT"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr "Temps de vida del TGT"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
-msgstr "Temps entre les dues comprovacions per renovar"
+msgstr "Temps entre les dues comprovacions per a la renovació"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
-msgstr "Activa FAST"
+msgstr "Habilita FAST"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr "Selecciona el principal per utilitzar amb FAST"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
-msgstr "Activa la canonització del principal"
+msgstr "Habilita la canonització del principal"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr "Habilita els principals empresarials"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
+"Una assignació des dels noms dels usuaris als noms del principal de kerberos"
-#: src/config/SSSDConfig/__init__.py.in:222
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-"Servidor on es troba el servei de canvi de contrasenya si no és al KDC"
+"Servidor on es troba el servei de canvi de contrasenya si no està al KDC"
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, La URI del servidor LDAP"
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, la URI del servidor LDAP"
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
-msgstr "La base DN per defecte"
+msgstr "El DN base per defecte"
-#: src/config/SSSDConfig/__init__.py.in:229
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "El tipus d'esquema en ús al servidor LDAP, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
-msgstr "DN de creació del vincle per defecte"
+msgstr "El DN de creació del vincle per defecte"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr ""
"El tipus del testimoni d'autenticació del DN de creació del vincle per "
"defecte"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr "El testimoni d'autenticació del DN de creació del vincle per defecte"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
-msgstr "Llargària del temps per intentar una connexió"
+msgstr "Període de temps per intentar una connexió"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
-msgstr "Llargària del temps per intentar operacions LDAP asíncrones"
+msgstr "Període de temps per intentar operacions LDAP asíncrones"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-"Llargària del temps entre intents per re-connectar quan estigui fora de "
-"línia"
+"Període de temps entre els intents per tornar a connectar mentre s'està "
+"desconnectat"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr "Utilitza només majúscules pels noms de reialme"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
-msgstr "Fitxer que conté els certificats CA"
+msgstr "Fitxer que conté els certificats de l'AC"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr "Camí al directori del certificat de l'AC"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr "Fitxer que conté el certificat de client"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr "Fitxer que conté la clau de client"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr "Llista de paquets de xifrat possibles"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "Requereix verificació de certificat TLS"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "Especifica el mecanisme SASL a utilitzar"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "Especifica l'id. d'autorització SASL a utilitzar"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr "Especifica el reialme d'autorització SASL a utilitzar"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
-msgstr "Especifica el SSF mínim per autorització SASL de LDAP"
+msgstr "Especifica el SSF mínim per a l'autorització SASL de LDAP"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
-msgstr "Clau de servei Kerberos"
+msgstr "Taula de claus del servei del Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
-msgstr "Utilitza autenticació Kerberos per la connexió LDAP"
+msgstr "Utilitza l'autenticació Kerberos per a la connexió LDAP"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr "Segueix les referències LDAP"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr "Temps de vida del TGT per la connexió LDAP"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
-msgstr "Com desreferenciar àlies"
+msgstr "Com desreferenciar els àlies"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
-msgstr "Nom del servei per la recerca del servei del DNS"
+msgstr "Nom del servei per a la recerca del servei del DNS"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
-msgstr "El número de registres a recuperar en una sola petició LDAP"
+msgstr "El nombre de registres a recuperar en una sola consulta LDAP"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-"El número de membres que han de faltar per activar una de-referència "
-"completa"
+"El nombre de membres que han de faltar per activar una de-referència completa"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-"Si la biblioteca LDAP hauria de realitzar una recerca inversa per "
-"canonalitzar el nom d'amfitrió durant la creació del vincle SASL"
+"Si la biblioteca LDAP hauria de realitzar una recerca inversa per canonitzar "
+"el nom d'amfitrió durant la creació del vincle SASL"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
-msgstr "Atribut entryUSN"
+msgstr "L'atribut entryUSN"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
-msgstr "Atribut lastUSN"
+msgstr "L'atribut lastUSN"
-#: src/config/SSSDConfig/__init__.py.in:260
-msgid ""
-"How long to retain a connection to the LDAP server before disconnecting"
+#: src/config/SSSDConfig/__init__.py.in:275
+msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-"Quant temps s'ha de retenir una connexió al servidor LDAP abans de "
+"Quant de temps s'ha de retenir una connexió al servidor LDAP abans de "
"desconnectar"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
-msgstr "Desactiva el control de paginació LDAP"
+msgstr "Inhabilita el control de paginació LDAP"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr "Inhabilita la recuperació de l'interval de l'Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
-msgstr "Llargària de temps a esperar per una petició de cerca"
+msgstr "Període de temps per esperar una petició de cerca"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
-msgstr "Llargària de temps a esperar per una petició d'enumeració"
+msgstr "Període de temps per esperar una petició d'enumeració"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
-msgstr "Llargària de temps entre actualitzacions d'enumeració"
+msgstr "Període de temps entre les actualitzacions de les enumeracions"
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
-msgstr "Longevitat entre les neteges de la memòria auxiliar"
+msgstr "Període de temps entre les neteges de la memòria cau"
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "Requereix TLS per a la recerca d'id."
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-"Utilitza l'assignació d'id. de l'objectSID enlloc dels id. pre-establerts"
+"Utilitza l'assignació dels id. de l'objectSID en lloc dels id. pre-establerts"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr "DN base per a la recerca de l'usuari"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr "Abast de la recerca de l'usuari"
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr "Filtre per a la recerca de l'usuari"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
-msgstr "Objectclass dels usuaris"
+msgstr "Objectclass per als usuaris"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
-msgstr "Atribut del nom d'usuari"
+msgstr "L'atribut nom d'usuari"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
-msgstr "Atribut de l'UID"
+msgstr "L'atribut UID"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
-msgstr "Atribut del GID primari"
+msgstr "L'atribut GID primari"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
-msgstr "Atribut del GECOS"
+msgstr "L'atribut GECOS"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
-msgstr "Atribut del directori d'usuari"
+msgstr "L'atribut directori inicial"
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
-msgstr "Atribut del shell"
+msgstr "L'atribut shell"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
-msgstr "Atribut del UUID"
+msgstr "L'atribut UUID"
-#: src/config/SSSDConfig/__init__.py.in:284
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
-msgstr "Atribut de l'objectSID"
+msgstr "L'atribut objectSID"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
-msgstr ""
-"Atribut del grup primari de l'Active Directory per a l'assignació d'id."
+msgstr "L'atribut grup primari de l'Active Directory per a l'assignació d'id."
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
-msgstr "Atribut d'usuari principal (per a Kerberos)"
+msgstr "L'atribut usuari principal (per a Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Nom complet"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
-msgstr "Atribut memberOf"
+msgstr "L'atribut memberOf"
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
-msgstr "Atribut de la data de modificació"
+msgstr "L'atribut data de modificació"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
-msgstr "Atribut shadowLastChange"
+msgstr "L'atribut shadowLastChange"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
-msgstr "Atribut shadowMin"
+msgstr "L'atribut shadowMin"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
-msgstr "Atribut shadowMax"
+msgstr "L'atribut shadowMax"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
-msgstr "Atribut shadowWarning"
+msgstr "L'atribut shadowWarning"
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
-msgstr "Atribut shadowInactive"
+msgstr "L'atribut shadowInactive"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
-msgstr "Atribut shadowExpire"
+msgstr "L'atribut shadowExpire"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
-msgstr "Atribut shadowFlag"
+msgstr "L'atribut shadowFlag"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
-msgstr "Atribut que llista els serveis PAM autoritzats"
+msgstr "L'atribut que llista els serveis PAM autoritzats"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
-msgstr "Llista els atributs dels amfitrions dels servidors autoritzats"
+msgstr "L'atribut que llista els amfitrions dels servidors autoritzats"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
-msgstr "Atribut krbLastPwdChange"
+msgstr "L'atribut krbLastPwdChange"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
-msgstr "Atribut krbPasswordExpiration"
+msgstr "L'atribut krbPasswordExpiration"
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-"Atribut que indica l'activació de les polítiques de contrasenya de servidor"
+"L'atribut que indica l'activació de les polítiques de contrasenya de servidor"
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
-msgstr "Atribut accountExpires de l'AD"
+msgstr "L'atribut accountExpires de l'AD"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
-msgstr "Atribut userAccountControl de l'AD"
+msgstr "L'atribut userAccountControl de l'AD"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
-msgstr "Atribut nsAccountLock"
+msgstr "L'atribut nsAccountLock"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
-msgstr "Atribut loginDisabled del NDS"
+msgstr "L'atribut loginDisabled del NDS"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
-msgstr "Atribut del NDS de loginExpirationTime"
+msgstr "L'atribut loginExpirationTime del NDS"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
-msgstr "Atribut loginAllowedTimeMap del NDS"
+msgstr "L'atribut loginAllowedTimeMap del NDS"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
-msgstr "Atribut de la clau pública SSH"
+msgstr "L'atribut clau pública SSH"
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
-msgstr ""
+msgstr "atribut que llista els tipus permesos d'autenticació per a un usuari"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
-msgstr ""
+msgstr "atribut que conté el certificat X509 de l'usuari"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
+"Una llista dels atributs extres per baixar juntament amb l'entrada de "
+"l'usuari"
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr "DN base per a la recerca del grup"
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
-msgstr "Objectclass per grups"
+msgstr "L'objectclass per als grups"
-#: src/config/SSSDConfig/__init__.py.in:319
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr "Nom del grup"
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr "Contrasenya del grup"
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
-msgstr "Atribut GID"
+msgstr "L'atribut GID"
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
-msgstr "Atribut de membre del grup"
+msgstr "L'atribut membre del grup"
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
-msgstr "Atribut UUID del grup"
+msgstr "L'atribut UUID del grup"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
-msgstr "Atribut de data de modificació per als grups"
+msgstr "L'atribut data de modificació per als grups"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
-msgstr ""
+msgstr "Tipus del grup i altres senyals"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:342
+#, fuzzy
+msgid "The LDAP group external member attribute"
+msgstr "L'atribut membres del grup de xarxa"
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr "Nivell màxim d'encadenament que seguirà l'SSSd"
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
-msgstr "DN base per a la recerca del grups de xarxa"
+msgstr "DN base per a la recerca del grup de xarxa"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
-msgstr "Objectclass per grups de xarxa"
+msgstr "L'objectclass per als grups de xarxa"
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr "Nom de grup de xarxa"
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
-msgstr "Atribut dels membres del grup de xarxa"
+msgstr "L'atribut membres del grup de xarxa"
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
-msgstr "Atribut triple del grup de xarxa"
+msgstr "L'atribut triple del grup de xarxa"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
-msgstr "Atribut de data de modificació per als grups de xarxa"
+msgstr "L'atribut data de modificació per als grups de xarxa"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr "DN base per a la recerca del servei"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
-msgstr "Objectclass per serveis"
+msgstr "Objectclass per als serveis"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
-msgstr "Atribut del nom del servei"
+msgstr "L'atribut nom del servei"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
-msgstr "Atribut del port del servei"
+msgstr "L'atribut port del servei"
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
-msgstr "Atribut del protocol del servei"
+msgstr "L'atribut protocol del servei"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr "Límit inferior per a l'assignació d'id."
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr "Límit superior per a l'assignació d'id."
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr "Nombres d'id. per cada porció en l'assignació d'id."
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr "Utilitza l'algoritme compatible d'autorid per a l'assignació d'id."
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr "Nom del domini per defecte per a l'assignació d'id."
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr "SID del domini per defecte per a l'assignació d'id."
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "Utilitza LDAP_MATCHING_RULE_IN_CHAIN per a la recerca del grup"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
-msgstr "Utilitza LDAP_MATCHING_RULE_IN_CHAIN per a la recerca de l'initgroup"
+msgstr "Utilitza LDAP_MATCHING_RULE_IN_CHAIN per a la recerca del grup inicial"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
-msgstr ""
+msgstr "Si s'utilitzen els grups amb testimonis"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
-msgstr ""
+msgstr "Estableix el límit inferior per als id. permesos del servidor LDAP"
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
-msgstr ""
+msgstr "Estableix el límit superior per als id. permesos del servidor LDAP"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr "DN per a les consultes ppolicy"
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:374
+msgid "How many maximum entries to fetch during a wildcard request"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
-msgstr "Política per avaluar l'expiració de contrasenya"
+msgstr "Política per avaluar el venciment de la contrasenya"
-#: src/config/SSSDConfig/__init__.py.in:363
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
"Quins atributs s'haurien d'utilitzar per avaluar si el compte ha vençut"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr "Quines regles s'haurien d'utilitzar per avaluar el control d'accés"
-#: src/config/SSSDConfig/__init__.py.in:367
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
-msgstr "L'URI d'un servidor LDAP on es permeten els canvis de contrasenya"
+msgstr "URI d'un servidor LDAP on es permeten els canvis de contrasenya"
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
-msgstr "URI d'un servidor LDAP reserva on es permet canvis de contrasenya"
+msgstr ""
+"URI d'un servidor LDAP de reserva on es permeten els canvis de contrasenya"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr "Nom del servei DNS pel servidor LDAP de canvi de contrasenyes"
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
@@ -1195,23 +1289,23 @@ msgstr ""
"Si s'actualitza l'atribut ldap_user_shadow_last_change després d'un canvi de "
"contrasenya"
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr "DN base per a la recerca de les regles sudo"
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr "Període d'actualització automàtica completa"
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr "Període d'actualització automàtica intel·ligent"
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr "Si es filtren les regles per nom d'amfitrió, adreça IP i xarxa"
-#: src/config/SSSDConfig/__init__.py.in:377
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -1219,293 +1313,295 @@ msgstr ""
"Noms d'amfitrió i/o noms de domini plenament qualificat d'aquesta màquina "
"per filtrar les regles de sudo"
-#: src/config/SSSDConfig/__init__.py.in:378
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"Adreces IPv4 o IPv6 o xarxa d'aquesta màquina per filtrar regles de sudo"
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-"Si s'inclouen les regles que contenen el netgroup a l'atribut de l'amfitrió"
+"Si s'inclouen les regles que contenen el grup de xarxa a l'atribut de "
+"l'amfitrió"
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
"Si s'inclouen les regles que contenen expressions regulars a l'atribut de "
"l'amfitrió"
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr "Objectclass de les regles sudo"
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr "Nom de la regla sudo"
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr "Attribut command de la regla sudo"
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
-msgstr "Atribut host de la regla sudo"
+msgstr "L'atribut host de la regla sudo"
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
-msgstr "Atribut user de la regla sudo"
+msgstr "L'atribut user de la regla sudo"
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
-msgstr "Atribut option de la regla sudo"
+msgstr "L'atribut option de la regla sudo"
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
-msgstr "Atribut runas de la regla sudo"
+msgstr "L'atribut runas de la regla sudo"
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
-msgstr "Atribut runasuser de la regla sudo"
+msgstr "L'atribut runasuser de la regla sudo"
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
-msgstr "Atribut runasgroup de la regla sudo"
+msgstr "L'atribut runasgroup de la regla sudo"
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
-msgstr "Atribut notbefore de la regla sudo"
+msgstr "L'atribut notbefore de la regla sudo"
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
-msgstr "Atribut notafter de la regla sudo"
+msgstr "L'atribut notafter de la regla sudo"
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
-msgstr "Atribut order de la regla sudo"
+msgstr "L'atribut order de la regla sudo"
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
-msgstr "Objectclass per a l'assignació automounter"
+msgstr "Objectclass per a les assignacions de l'eina de muntatge automàtic"
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
-msgstr "Atribut del nom de l'assignació automounter"
+msgstr "L'atribut nom de l'assignació de l'eina de muntatge automàtic"
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
-msgstr "Objectclass de les entrades de l'assignació automounter"
+msgstr ""
+"Objectclass per a les entrades de les assignacions de l'eina de muntatge "
+"automàtic"
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
-msgstr "Atribut de la clau d'entrada de l'assignació automounter"
+msgstr ""
+"L'atribut clau d'entrada de l'assignació de l'eina de muntatge automàtic"
-#: src/config/SSSDConfig/__init__.py.in:399
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
-msgstr "Atribut del valor de l'entrada de l'assignació automounter"
+msgstr ""
+"L'atribut valor de l'entrada de l'assignació l'eina de muntatge automàtic"
-#: src/config/SSSDConfig/__init__.py.in:400
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
-msgstr "DN base per a la recerca de l'assignació automounter"
+msgstr ""
+"DN base per a la recerca de l'assignació de l'eina de muntatge automàtic"
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "Llista separada per comes dels usuaris autoritzats"
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "Llista separada per comes dels usuaris no autoritzats"
-#: src/config/SSSDConfig/__init__.py.in:407
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "El shell predeterminat, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:408
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
-msgstr "Base pels directoris d'usuari"
+msgstr "Base per als directoris inicials"
-#: src/config/SSSDConfig/__init__.py.in:411
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr "El nom de la biblioteca NSS a utilitzar"
-#: src/config/SSSDConfig/__init__.py.in:412
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-"Si se cerca el nom del grup canònic des de la memòria auxiliar, si és "
-"possible"
+"Si se cerca el nom del grup canònic des de la memòria cau, si és possible"
-#: src/config/SSSDConfig/__init__.py.in:415
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr "Pila PAM a utilitzar"
-#: src/monitor/monitor.c:2838
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "Esdevé un dimoni (per defecte)"
-#: src/monitor/monitor.c:2840
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "Executa en mode interactiu (no com a dimoni)"
-#: src/monitor/monitor.c:2842 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
-msgstr "Especifica un fitxer de configuració diferent al per defecte"
+msgstr "Especifica un fitxer de configuració diferent del predeterminat"
-#: src/monitor/monitor.c:2844
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr "Imprimeix el número de versió i surt"
-#: src/providers/krb5/krb5_child.c:2592 src/providers/ldap/ldap_child.c:609
-#: src/util/util.h:110
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "Nivell de depuració"
-#: src/providers/krb5/krb5_child.c:2594 src/providers/ldap/ldap_child.c:611
-#: src/util/util.h:116
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
-msgstr "Afegeix marques de temps de depuració"
+msgstr "Afegeix les marques temporals de depuració"
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:613
-#: src/util/util.h:118
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
-msgstr "Mostra les marques de temps amb microsegons"
+msgstr "Mostra les marques temporals amb microsegons"
-#: src/providers/krb5/krb5_child.c:2598 src/providers/ldap/ldap_child.c:615
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr "Un descriptor de fitxer obert pels registres de depuració"
-#: src/providers/krb5/krb5_child.c:2601 src/providers/ldap/ldap_child.c:617
-#: src/util/util.h:114
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr "Envia directament la sortida de depuració al stderr."
-#: src/providers/krb5/krb5_child.c:2603
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
-msgstr ""
+msgstr "L'usuari amb què es crea la ccache FAST"
-#: src/providers/krb5/krb5_child.c:2605
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
-msgstr ""
+msgstr "El grup amb què es crea la ccache FAST"
-#: src/providers/data_provider_be.c:2833
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr "Domini del proveïdor d'informació (obligatori)"
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
-msgstr "El sòcol privilegiat té els permisos o la propietat incorrectes."
+msgstr "El sòcol amb privilegis té malament els permisos o el propietari."
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
-msgstr "El sòcol públic té els permisos o la propietat incorrectes."
+msgstr "El sòcol públic té malament els permisos o el propietari."
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
-msgstr "Format inesperat del missatge de credencials del servidor."
+msgstr "Format inesperat del missatge de les credencials del servidor."
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr "L'SSSD no s'està executant com a root."
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
-msgstr "Ha ocorregut un error però no es pot trobar cap descripció."
+msgstr "S'ha produït un error però no s'ha pogut trobar cap descripció."
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr "Error inesperat en cercar una descripció de l'error"
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
-msgstr ""
+msgstr "Permís denegat."
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:728
-#: src/sss_client/pam_sss.c:739
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Missatge del servidor: "
-#: src/sss_client/pam_sss.c:246
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Les contrasenyes no coincideixen"
-#: src/sss_client/pam_sss.c:434
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
-msgstr "La reinicialització de la contrasenya pel root no està suportada."
+msgstr "No s'admet el restabliment de la contrasenya pel root."
-#: src/sss_client/pam_sss.c:475
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
-msgstr "S'ha autenticat amb credencials en la memòria auxiliar"
+msgstr "S'ha autenticat amb credencials de la memòria cau"
-#: src/sss_client/pam_sss.c:476
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
-msgstr ", la vostra contrasenya en memòria auxiliar expirarà el: "
+msgstr ", la vostra contrasenya en memòria cau vencerà el: "
-#: src/sss_client/pam_sss.c:506
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-"La seva contrasenya ha expirat. Teniu %1$d inici(s) de sessió de gràcia "
-"restants."
+"La vostra contrasenya ha vençut. Teniu %1$d inicis de sessió restants de "
+"cortesia."
-#: src/sss_client/pam_sss.c:552
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
-msgstr "La vostra contrasenya expirarà en %1$d %2$s."
+msgstr "La vostra contrasenya vencerà en %1$d %2$s."
-#: src/sss_client/pam_sss.c:601
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr "S'ha denegat l'autenticació fins: "
-#: src/sss_client/pam_sss.c:622
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
-msgstr ""
-"El sistema es troba fora de línia, el canvi de contrasenya no és possible"
+msgstr "El sistema està desconnectat, el canvi de contrasenya no és possible"
-#: src/sss_client/pam_sss.c:637
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
+"Després de canviar la contrasenya OTP, heu de tancar la sessió i tornar-la a "
+"iniciar per tal d'adquirir un tiquet"
-#: src/sss_client/pam_sss.c:725 src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Ha fallat el canvi de contrasenya."
-#: src/sss_client/pam_sss.c:1354
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Nova contrasenya: "
-#: src/sss_client/pam_sss.c:1355
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
-msgstr "Re-introduïu la nova contrasenya: "
+msgstr "Torneu a introduir la nova contrasenya: "
-#: src/sss_client/pam_sss.c:1459
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
-msgstr ""
+msgstr "Primer factor:"
-#: src/sss_client/pam_sss.c:1460
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
-msgstr ""
+msgstr "Segon factor:"
-#: src/sss_client/pam_sss.c:1462
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Contrasenya: "
-#: src/sss_client/pam_sss.c:1502
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Contrasenya actual: "
-#: src/sss_client/pam_sss.c:1701
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
-msgstr "La contrasenya ha expirat. Canviau la vostra contrasenya ara."
+msgstr "La contrasenya ha vençut. Canvieu ara la vostra contrasenya."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
-msgstr "El nivell de depuració amb el que executar-se"
+msgstr "El nivell de depuració amb què s'executa"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196
@@ -1516,7 +1612,7 @@ msgstr "El domini SSSD a utilitzar"
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr "S'ha produït un error en establir la configuració regional\n"
@@ -1538,7 +1634,7 @@ msgstr "El port a utilitzar per connectar-se a l'amfitrió"
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238
msgid "Invalid port\n"
-msgstr "Port invàlid\n"
+msgstr "Port no vàlid\n"
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243
msgid "Host not specified\n"
@@ -1550,15 +1646,15 @@ msgstr "El camí a l'ordre proxy ha de ser absolut\n"
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
-msgstr "El UID de l'usuari"
+msgstr "L'UID de l'usuari"
#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
msgid "The comment string"
-msgstr "La cadena de comentari"
+msgstr "La cadena del comentari"
#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
msgid "Home directory"
-msgstr "Directori d'usuari"
+msgstr "El directori inicial"
#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
msgid "Login shell"
@@ -1566,7 +1662,7 @@ msgstr "El shell de l'inici de sessió"
#: src/tools/sss_useradd.c:53
msgid "Groups"
-msgstr "Grups"
+msgstr "Els grups"
#: src/tools/sss_useradd.c:54
msgid "Create user's directory if it does not exist"
@@ -1574,15 +1670,15 @@ msgstr "Crea el directori de l'usuari si no existeix"
#: src/tools/sss_useradd.c:55
msgid "Never create user's directory, overrides config"
-msgstr "No creis mai el directori de l'usuari, substitueix la configuració"
+msgstr "No creïs mai el directori de l'usuari, substitueix la configuració"
#: src/tools/sss_useradd.c:56
msgid "Specify an alternative skeleton directory"
-msgstr "Especifica un directori d'esquelet alternatiu"
+msgstr "Especifica un directori esquemàtic alternatiu"
#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60
msgid "The SELinux user for user's login"
-msgstr "L'usuari SELinux per l'inici de sessió de l'usuari"
+msgstr "L'usuari de SELinux per a l'inici de sessió de l'usuari"
#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
#: src/tools/sss_usermod.c:92
@@ -1599,8 +1695,7 @@ msgstr "Especifica l'usuari a afegir\n"
#: src/tools/sss_usermod.c:162
msgid "Error initializing the tools - no local domain\n"
msgstr ""
-"S'ha produït un error en inicialitzar les eines - no hi ha cap domini "
-"local\n"
+"S'ha produït un error en inicialitzar les eines - no hi ha cap domini local\n"
#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
@@ -1614,7 +1709,7 @@ msgstr "S'ha produït un error en inicialitzar les eines\n"
#: src/tools/sss_groupshow.c:708 src/tools/sss_userdel.c:209
#: src/tools/sss_usermod.c:173
msgid "Invalid domain specified in FQDN\n"
-msgstr "S'ha especificat un domini invàlid al FQDN\n"
+msgstr "S'ha especificat un domini no vàlid al FQDN\n"
#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197
@@ -1625,7 +1720,7 @@ msgstr "S'ha produït un error intern en analitzar els paràmetres\n"
#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206
#: src/tools/sss_usermod.c:235
msgid "Groups must be in the same domain as user\n"
-msgstr "Els grups han d'ésser al mateix domini que l'usuari\n"
+msgstr "Els grups han d'estar al mateix domini que l'usuari\n"
#: src/tools/sss_useradd.c:159
#, c-format
@@ -1642,7 +1737,7 @@ msgstr "L'UID seleccionat es troba fora de l'interval permès\n"
#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305
msgid "Cannot set SELinux login context\n"
-msgstr "No es pot establir el context d'inici de sessió de SELinux\n"
+msgstr "No es pot establir el context de l'inici de sessió de SELinux\n"
#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
@@ -1651,13 +1746,13 @@ msgstr "No es pot obtenir la informació sobre l'usuari\n"
#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-"El directori d'usuari ja existeix, no es copiaran les dades del directori "
-"esquelet\n"
+"El directori inicial de l'usuari ja existeix, no es copiaran les dades del "
+"directori esquemàtic\n"
#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
-msgstr "No es pot crear el directori de l'usuari: %1$s\n"
+msgstr "No es pot crear el directori inicial de l'usuari: %1$s\n"
#: src/tools/sss_useradd.c:250
#, c-format
@@ -1666,11 +1761,11 @@ msgstr "No es pot crear la gestió de cues del correu de l'usuari: %1$s\n"
#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
-msgstr "No s'ha pogut assignar un ID per l'usuari - és ple el domini?\n"
+msgstr "No s'ha pogut assignar un id. per a l'usuari - domini ple?\n"
#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
-msgstr "Ja existeix un usuari o grup amb el mateix nom o ID\n"
+msgstr "Ja existeix un usuari o grup amb el mateix nom o id.\n"
#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
@@ -1690,7 +1785,7 @@ msgstr "El GID seleccionat està fora de l'interval permès\n"
#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
-msgstr "No s'ha pogut assignar un ID pel grup - és ple el domini?\n"
+msgstr "No s'ha pogut assignar un id. pel grup - domini ple?\n"
#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
@@ -1703,7 +1798,7 @@ msgstr ""
#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
-msgstr "Especificau el grup a eliminar\n"
+msgstr "Especifiqueu el grup a eliminar\n"
#: src/tools/sss_groupdel.c:104
#, c-format
@@ -1717,14 +1812,16 @@ msgstr "El grup %1$s està fora de l'interval d'id. definit pel domini\n"
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
+"Ha fallat la sol·licitud NSS (%1$d). L'entrada podria romandre en la memòria "
+"cau.\n"
#: src/tools/sss_groupdel.c:132
msgid ""
-"No such group in local domain. Removing groups only allowed in local domain."
-"\n"
+"No such group in local domain. Removing groups only allowed in local "
+"domain.\n"
msgstr ""
-"No existeix el grup al domini local. L'eliminació de grups només es permet "
-"al domini local.\n"
+"No existeix el grup al domini local. L'eliminació dels grups només està "
+"permesa al domini local.\n"
#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
@@ -1732,15 +1829,15 @@ msgstr "S'ha produït un error intern. No s'ha pogut eliminar el grup.\n"
#: src/tools/sss_groupmod.c:44
msgid "Groups to add this group to"
-msgstr "Grups als que afegir aquest grup"
+msgstr "Els grups per afegir aquest grup"
#: src/tools/sss_groupmod.c:46
msgid "Groups to remove this group from"
-msgstr "Grups dels que s'ha d'eliminar aquest grup"
+msgstr "Els grups per eliminar aquest grup"
#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100
msgid "Specify group to remove from\n"
-msgstr "Especifica el grup del que s'ha d'eliminar\n"
+msgstr "Especifica el grup del qual s'ha d'eliminar\n"
#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
@@ -1756,7 +1853,7 @@ msgstr ""
#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
-msgstr "Els grups membres han d'esser al mateix domini que els grups pare\n"
+msgstr "Els grups membres han d'estar al mateix domini com a grup primari\n"
#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
#: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
@@ -1771,13 +1868,14 @@ msgstr ""
#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
-"No s'ha pogut modificar el grup - comprovau si els noms dels membres del "
-"grup són correctes\n"
+"No s'ha pogut modificar el grup - comproveu que els noms dels grups membres "
+"siguin correctes\n"
#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
-"No s'ha pogut modificar el grup - comprovau si el nom de grup és correcte\n"
+"No s'ha pogut modificar el grup - comproveu que el nom de grup sigui "
+"correcte\n"
#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
@@ -1805,21 +1903,25 @@ msgstr "%1$sUsuaris membre: "
#: src/tools/sss_groupshow.c:610
#, c-format
-msgid "\n"
+msgid ""
+"\n"
"%1$sIs a member of: "
-msgstr "\n"
+msgstr ""
+"\n"
"%1$sÉs un membre de: "
#: src/tools/sss_groupshow.c:617
#, c-format
-msgid "\n"
+msgid ""
+"\n"
"%1$sMember groups: "
-msgstr "\n"
-"%1$sGrups membre: "
+msgstr ""
+"\n"
+"%1$sGrups membres: "
#: src/tools/sss_groupshow.c:653
msgid "Print indirect group members recursively"
-msgstr "Imprimeix els membres de grup indirectes recursivament"
+msgstr "Imprimeix els membres dels grups indirectes amb recursivitat"
#: src/tools/sss_groupshow.c:687
msgid "Specify group to show\n"
@@ -1827,11 +1929,11 @@ msgstr "Especifica el grup a mostrar\n"
#: src/tools/sss_groupshow.c:727
msgid ""
-"No such group in local domain. Printing groups only allowed in local domain."
-"\n"
+"No such group in local domain. Printing groups only allowed in local "
+"domain.\n"
msgstr ""
-"No s'ha trobat el grup al domini local. L'impressió de grups només es permet "
-"al domini local.\n"
+"No s'ha trobat el grup al domini local. La impressió dels grups només està "
+"permesa al domini local.\n"
#: src/tools/sss_groupshow.c:732
msgid "Internal error. Could not print group.\n"
@@ -1839,11 +1941,11 @@ msgstr "S'ha produït un error intern. No es pot imprimir el grup.\n"
#: src/tools/sss_userdel.c:136
msgid "Remove home directory and mail spool"
-msgstr "Elimina el directori d'usuari i la gestió de cues de correu"
+msgstr "Elimina el directori inicial i la gestió de cues del correu"
#: src/tools/sss_userdel.c:138
msgid "Do not remove home directory and mail spool"
-msgstr "No eliminis el directori d'usuari i la gestió de cues de correu"
+msgstr "No eliminis el directori inicial i la gestió de cues del correu"
#: src/tools/sss_userdel.c:140
msgid "Force removal of files not owned by the user"
@@ -1870,8 +1972,8 @@ msgstr "No es pot reiniciar el context d'inici de sessió de SELinux\n"
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-"ATENCIÓ: L'usuari (uid %1$lu) encara estava en la sessió quan es va eliminar."
-"\n"
+"ATENCIÓ: L'usuari (uid %1$lu) encara estava en la sessió quan es va "
+"eliminar.\n"
#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
@@ -1887,24 +1989,23 @@ msgstr ""
#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
-msgstr "La comanda post-eliminació ha fallat: %1$s\n"
+msgstr "L'ordre post-delete ha fallat: %1$s\n"
#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
-msgstr ""
-"No s'ha eliminat el directori de l'usuari - no és propietat de l'usuari\n"
+msgstr "No s'ha eliminat el directori inicial - no és propietat de l'usuari\n"
#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
-msgstr "No es pot eliminar el directori d'usuari: %1$s\n"
+msgstr "No es pot eliminar el directori inicial: %1$s\n"
#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
-"No s'ha trobat l'usuari al domini local. L'eliminació d'usuaris només es "
-"permet al domini local.\n"
+"No s'ha trobat l'usuari al domini local. L'eliminació d'usuaris dels grups "
+"només està permesa al domini local.\n"
#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
@@ -1916,11 +2017,11 @@ msgstr "El GID de l'usuari"
#: src/tools/sss_usermod.c:53
msgid "Groups to add this user to"
-msgstr "Grups als que afegir aquest usuari"
+msgstr "Els grups per afegir aquest usuari"
#: src/tools/sss_usermod.c:54
msgid "Groups to remove this user from"
-msgstr "Grups dels que eliminar aquest usuari"
+msgstr "Els grups per eliminar aquest usuari"
#: src/tools/sss_usermod.c:55
msgid "Lock the account"
@@ -1932,17 +2033,20 @@ msgstr "Desbloqueja aquest compte"
#: src/tools/sss_usermod.c:57
msgid "Add an attribute/value pair. The format is attrname=value."
-msgstr ""
+msgstr "Afegeix una parella atribut/valor. El format és nomatribut=valor."
#: src/tools/sss_usermod.c:58
msgid "Delete an attribute/value pair. The format is attrname=value."
-msgstr ""
+msgstr "Elimina una parella atribut/valor. El format és nomatribut=valor."
#: src/tools/sss_usermod.c:59
msgid ""
"Set an attribute to a name/value pair. The format is attrname=value. For "
"multi-valued attributes, the command replaces the values already present"
msgstr ""
+"Estableix un atribut a una parella atribut/valor. El format és "
+"nomatribut=valor. Per als atributs amb múltiples valors, l'ordre substitueix "
+"els valors ja presents."
#: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
#: src/tools/sss_usermod.c:135
@@ -1964,7 +2068,7 @@ msgstr ""
#: src/tools/sss_usermod.c:322
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
-"No s'ha pogut modificar l'usuari - comprovau si els noms dels grups són "
+"No s'ha pogut modificar l'usuari - comproveu que els noms dels grups siguin "
"correctes\n"
#: src/tools/sss_usermod.c:326
@@ -1976,91 +2080,103 @@ msgid "Transaction error. Could not modify user.\n"
msgstr ""
"S'ha produït un error en la transacció. No s'ha pogut modificar l'usuari.\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
-msgstr ""
-"Cap objecte de la memòria auxiliar ha coincidit amb la cerca especificada\n"
+msgstr "Cap objecte de la memòria cau ha coincidit amb la cerca especificada\n"
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr "No s'ha pogut invalidar %1$s\n"
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr "No s'ha pogut invalidar %1$s %2$s\n"
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
-msgstr ""
-"Invalida totes les entrades de la memòria auxiliar amb l'excepció de les "
-"regles sudo"
+#: src/tools/sss_cache.c:644
+#, fuzzy
+msgid "Invalidate all cached entries"
+msgstr "Invalida tots els serveis"
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
-msgstr "Invalida l'usuari particular"
+msgstr "Invalida un usuari determinat"
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr "Invalida tots els usuaris"
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
-msgstr "Invalida el grup particular"
+msgstr "Invalida un grup determinat"
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr "Invalida tots els grups"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
-msgstr "Invalida el grup de xarxa particular"
+msgstr "Invalida un grup de xarxa determinat"
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr "Invalida tots els grups de xarxa"
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
-msgstr "Invalida el servei particular"
+msgstr "Invalida un servei determinat"
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr "Invalida tots els serveis"
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
-msgstr "Invalida un assignació autofs específica"
+msgstr "Invalida una assignació autofs determinada"
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr "Invalida totes les assignacions autofs"
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
-msgstr "Invalida un determinat amfitrió SSH"
+msgstr "Invalida un amfitrió SSH determinat"
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr "Invalida tots els amfitrions SSH"
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+#, fuzzy
+msgid "Invalidate particular sudo rule"
+msgstr "Invalida un usuari determinat"
+
+#: src/tools/sss_cache.c:677
+#, fuzzy
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+"Invalida totes les entrades de la memòria cau amb l'excepció de les regles "
+"sudo"
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
-msgstr "Invalida les entrades només d'un domini particular"
+msgstr "Invalida les entrades només d'un domini determinat"
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
-msgstr "Si us plau, seleccionau al menys un objecte a invalidar\n"
+msgstr "Si us plau, seleccioneu almenys un objecte a invalidar\n"
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
+"No es pot obrir el domini %1$s. Si el domini és un subdomini (domini de "
+"confiança), utilitzeu el FQN en lloc del paràmetre --domain/-d.\n"
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr "No s'han pogut obrir els dominis disponibles\n"
@@ -2079,9 +2195,9 @@ msgstr "Tan sols s'esperava un argument\n"
#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
-msgstr ""
+msgstr "El nom '%1$s' no sembla un FQDN ('%2$s = TRUE' està establert)\n"
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Sense memòria\n"
@@ -2090,14 +2206,13 @@ msgstr "Sense memòria\n"
msgid "%1$s must be run as root\n"
msgstr "S'ha d'executar %1$s com a root\n"
-#: src/util/util.h:112
-msgid "Send the debug output to files instead of stderr"
-msgstr "Envia la sortida de depuració a fitxers en lloc del stderr"
-
-#: src/util/util.h:182
+#: src/util/util.h:78
msgid "The user ID to run the server as"
-msgstr ""
+msgstr "L'id. d'usuari amb què s'executa el servidor"
-#: src/util/util.h:184
+#: src/util/util.h:80
msgid "The group ID to run the server as"
-msgstr ""
+msgstr "L'id. de grup amb què s'executa el servidor"
+
+#~ msgid "Send the debug output to files instead of stderr"
+#~ msgstr "Envia la sortida de depuració a fitxers en lloc del stderr"
diff --git a/po/de.po b/po/de.po
index e89d21f5e..0d6f6bb4c 100644
--- a/po/de.po
+++ b/po/de.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-08 11:50-0400\n"
"Last-Translator: Mario Blättermann <mario.blaettermann@gmail.com>\n"
"Language-Team: German (http://www.transifex.com/projects/p/sssd/language/"
@@ -20,75 +20,80 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "Ausführlichkeitsstufe der Fehlerdiagnose festlegen"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "Zeitstempel in Fehlerdiagnoseprotokollen einschließen"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr "Mikrosekunden in Zeitstempeln der Debug-Protokolle einschließen"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "Fehlerdiagnosemeldungen in Protokolldateien schreiben"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr "Ping-Zeitspanne vor dem Neustart des Dienstes"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
"Zeitspanne zwischen der dritten fehlgeschlagenen Ping-Prüfung und dem "
"erzwungenen Beenden des Dienstes"
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "Befehl zum Starten des Dienstes"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr "Anzahl der Verbindungsversuche zum Datenanbieter"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
"Die Anzahl der Dateideskriptoren, die durch diesen Responder geöffnet werden "
"dürfen"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr "Untätige Zeit vor der automatischen Verbindungstrennung eines Clients "
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "SSSD-Dienste zum Starten"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "SSSD-Domains zum Starten"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "Zeitüberschreitung für Meldungen, die über SBUS gesendet werden"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr "Regulärer Ausdruck zum Verarbeiten von Benutzername und Domain"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
"Printf-kompatibles Format für die Darstellung voll ausgeschriebener Namen"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -96,75 +101,85 @@ msgstr ""
"Verzeichnis im Dateisystem, in welchem SSSD Anwort-Zwischenspeicher-Dateien "
"ablegt."
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr "Domain, die zu Namen ohne Domain-Komponente hinzugefügt werden soll."
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "TLS-Zertifikatüberprüfung erforderlich machen"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr "Zeitspanne für den Aufzählungs-Zwischenspeicher (Sekunden)"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
"Zeitspanne für die Aktualisierung des Eintrags-Zwischenspeichers (Sekunden)"
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr "Zeitspanne für den negativen Zwischenspeicher (Sekunden)"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+#, fuzzy
+msgid "Files negative cache timeout length (seconds)"
+msgstr "Zeitspanne für den negativen Zwischenspeicher (Sekunden)"
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "Benutzer, die SSSD ausdrücklich ignorieren soll"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "Gruppen, die SSSD ausdrücklich ignorieren soll"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "Anzeige von gefilterten Benutzern in Gruppen"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr ""
"Der Wert des Passwort-Feldes, das der NSS-Dienstanbieter zurückgeben sollte"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
"homedir-Wert des Identitäts-Anbieters wird durch diesen Wert außer Kraft "
"gesetzt"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
"Leerer homedir-Wert des Identitäts-Anbieters wird durch diesen Wert ersetzt"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
"Shell-Wert des Identitäts-Anbieters wird durch diesen Wert außer Kraft "
"gesetzt"
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr "Liste der Shells, mit denen sich der Benutzer anmelden darf"
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
"Die Liste der Shells, die abgewiesen und durch eine Ausweich-Shell ersetzt "
"werden"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -172,29 +187,29 @@ msgstr ""
"Falls eine Shell im zentralen Verzeichnis zugelassen, aber nicht verfügbar "
"ist, wird auf diese ausgewichen"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr "Zu verwendende Shell, wenn der Anbieter keine auflistet"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr "Gültigkeitsdauer der speichereigenen Zwischenspeicher-Datensätze"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Gibt die Anzahl der Tage an, für die zwischengespeicherte Anmeldungen "
"zwischen Online-Anmeldungen zulässig sind"
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr "Anzahl der zulässigen fehlgeschlagenen Anmeldungen im Offline-Modus"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -202,56 +217,68 @@ msgstr ""
"Zeitspanne in Minuten, nach der die Anmeldung verweigert wird, wenn "
"offline_failed_login_attempts erreicht wurde"
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
"Gibt die Art der Meldungen an, die dem Benutzer während der "
"Authentifizierung angezeigt werden"
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Anzahl der Sekunden, die zwischengespeicherte PAM-Anfragen aufbewahrt werden "
"sollen"
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
"Gibt die Anzahl der Tage vor dem Ablauf des Passworts an, bis eine Warnung "
"angezeigt wird"
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
"Gibt an, ob zeitbasierte Attribute in Sudo-Regeln berechnet werden sollen"
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
"Gibt an, ob Prüfsummen von Hostnamen und Adressen in der Datei known_hosts "
"gespeichert werden"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
@@ -259,226 +286,230 @@ msgstr ""
"Anzahl der Sekunden, die ein Rechner in der Datei known_host behalten werden "
"soll, nachdem dessen Schlüssel abgefragt wurden"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
#, fuzzy
msgid "Path to storage of trusted CA certificates"
msgstr "Datei, die CA-Zertifikate enthält"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
"Liste von Benutzer-IDs oder Benutzernamen für den Zugriff auf den PAC-"
"Responder"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
"Liste von Benutzer-IDs oder Benutzernamen für den Zugriff auf den InfoPipe-"
"Responder"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr "Liste der Benutzerattribute, die InfoPipe veröffentlichen darf"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Identitäts-Anbieter"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Authentifizierungs-Anbieter"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Zugriffskontroll-Anbieter"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Passwortänderungs-Anbieter"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr "SUDO-Anbieter"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr "Autofs-Anbieter"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr "Anbieter für das Laden der Sitzung"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr "Rechner-Identitäts-Anbieter"
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "Minimale Benutzer‐ID"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "Maximale Benutzer‐ID"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr "Auflistung aller Benutzer/Gruppen aktivieren"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "Zwischengespeicherte Anmeldedaten für Offline-Anmeldung"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "Passwort-Prüfsummen speichern"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr "Benutzer/Gruppen in voll ausgeschriebener Form anzeigen"
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr "Gruppenmitglieder in Gruppen-Suchanfragen nicht einschließen"
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr "Zeitspanne für den Eintrags-Zwischenspeicher (Sekunden)"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Eine spezifische Adressfamilie beim Ausführen von DNS-Suchanfragen "
"beschränken oder bevorzugen"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Gibt die Anzahl der Tage an, wie lange zwischengespeicherte Einträge nach "
"der letzten Anmeldung aufbewahrt werden"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Gibt die Anzahl Sekunden an, wie lange beim Auflösen von Servernamen auf "
"Antworten vom DNS-Dienst gewartet werden soll"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr "Der Domain-Teil der DNS-Abfrage zur Dienstsuche"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
"Den Gruppen-ID-Wert des Identitäts-Anbieters mit diesem Wert überschreiben"
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr "Groß-/Kleinschreibung in Benutzernamen berücksichtigen"
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr "Anzahl der Auffrischung abgelaufener Einträge im Hintergrund"
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr "Automatische Aktualisierung des DNS-Eintrags des Clients"
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
"Die auf den DNS-Eintrag des Clients anzuwendende TTL, nachdem dieser "
"aktualisiert wurde"
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"Schnittstelle, deren IP für dynamische DNS-Aktualisierungen verwendet werden "
"soll"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr "Gibt an, wie oft der DNS-Eintrag des Clients aktualisiert werden soll"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
"Gibt an, ob der Anbieter den PTR-Datensatz ebenfalls explizit aktualisieren "
"soll"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr "Gibt an, ob das nsupdate-Dienstprogramm per Vorgabe TCP verwenden soll"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
"Gibt an, welche Art der Authentifizierung bei der DNS-Aktualisierung "
"verwendet werden soll"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
#, fuzzy
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
"Gibt an, welche Art der Authentifizierung bei der DNS-Aktualisierung "
"verwendet werden soll"
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr "Aufzählung vertrauenswürdiger Domains steuern"
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr "Anzahl der Auffrischung der Subdomain-Liste"
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "IPA-Domain"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "IPA-Serveradresse"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr "Adresse des Ersatz-IPA-Servers"
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "IPA-Client-Rechnername"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Gibt an, ob der DNS-Eintrag des Clients in FreeIPA automatisch aktualisiert "
"werden soll"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr "Suchbasis für HBAC-bezogene Objekte"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "Die Zeitspanne zwischen Suchanfragen der HBAC-Regeln an den IPA-Server"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
@@ -486,340 +517,349 @@ msgstr ""
"Die Zeitspanne in Sekunden zwischen Suchanfragen der SELinux-Zuweisung an "
"den IPA-Server"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Falls auf »false« gesetzt, wird das von PAM angegebene Host-Argument "
"ignoriert"
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr "Der Automounter-Ort, den dieser IPA-Client verwendet"
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
"Suchbasis für Objekte, die Informationen über eine IPA-Domain enthalten"
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr "Suchbasis für Objekte, die Informationen über ID-Bereiche enthalten"
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr "DNS-Sites aktivieren – standortbasierte Dienstsuche"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr "Active-Directory-Domain"
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr "Adresse des Active-Directory-Servers"
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr "Adresse des Ersatz-Active-Directory-Servers"
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr "Hostname des Active-Directory-Clients"
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr "LDAP-Filter zum Bestimmen der Zugriffsprivilegien"
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr "Verwendung des globalen Katalogs für Suchvorgänge"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr "Operationsmodus für GPO-basierte Zuhgriffskontrolle"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Kerberos-Serveradresse"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr "Adresse des Ersatz-Kerberos-Servers"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Kerberos-Realm"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "Zeitüberschreitung bei Authentifizierung"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr "Gibt an, ob kdcinfo-Dateien angelegt werden"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr "Verzeichnis zum Speichern der Anmeldedaten"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr "Ort des Zwischenspeichers für die Anmeldedaten des Benutzers"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "Ort der Schlüsseltabelle zum Überprüfen von Anmeldedaten"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr "Validierung der Anmeldedaten aktivieren"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr "Passwort im Offline-Modus für spätere Online-Anmeldung speichern"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr "Erneuerung der Lebensdauer des TGT"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr "Lebensdauer des TGT"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr "Zeitspanne zwischen zwei Prüfungen, ob Erneuerung nötig ist"
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr "Aktiviert FAST"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr "Wählt den für FAST zu verwendenden Principal aus"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr "Aktiviert Kanonisierung des Principals"
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr "Enterprise-Principals aktivieren"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Server, auf dem der Dienst zum Ändern des Passworts läuft, falls nicht KDC"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, die URI des LDAP-Servers"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, die URI des LDAP-Servers"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr "Vorgegebene Basis-DN"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Der vom LDAP-Server verwendete Schema-Typ gemäß RFC2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr "Vorgegebene Bind-DN"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr "Typ des Authentifizierungs-Tokens der vorgegebenen Bind-DN"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr "Authentifizierungs-Token für die vorgegebene Bind-DN"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "Zeitspanne für einen Verbindungsversuch"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Zeitspanne für Versuche zur Ausführung synchroner LDAP-Vorgänge"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Zeitspanne zwischen Versuchen zum erneuten Verbindungsaufbau im Offline-Modus"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr "Nur Großschreibung für Realm-Namen verwenden"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr "Datei, die CA-Zertifikate enthält"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr "Pfad zum CA-Zertifikatverzeichnis"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr "Datei, die das Client-Zertifikat enthält"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr "Datei, die den Client-Schlüssel enthält"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr "Liste der möglichen Verschlüsselungs-Suites"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "TLS-Zertifikatüberprüfung erforderlich machen"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "Zu verwendenden sasl-Mechanismus angeben"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "Zu verwendende ID für sasl-Authentifizierung angeben"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr "Zu verwendenden Realm für sasl-Authentifizierung angeben"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Gibt den minimalen SSF für die SASL-Authentifizierung über LDAP an"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr "Schlüsseltabelle des Kerberos-Dienstes"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr "Kerberos-Authentifizierung für LDAP-Verbindung verwenden"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr "LDAP-Verweisen folgen"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr "Lebensdauer von TGT für LDAP-Verbindung"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr "Dereferenzierung von Aliasen"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr "Dienstname für DNS-Service-Suchanfragen"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr "Anzahl der in einer einzelnen LDAP-Abfrage zu holenden Datensätze"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"Anzahl der Elemente, die fehlen müssen, um eine vollständige "
"Dereferenzierung auszulösen"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -827,375 +867,384 @@ msgstr ""
"Gibt an, ob die LDAP-Bibliothek eine Rückwärtssuche ausführen soll, um den "
"Rechnernamen während einer SASL-Bindung zu kanonisieren"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr "entryUSN-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr "lastUSN-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
"Zeitspanne zum Halten einer Verbindung zum LDAP-Server, bis diese "
"unterbrochen wird"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr "LDAP-Paging-Steuerung deaktivieren"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr "Bereichsermittlung für Active Directory deaktivieren"
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr "Zeitspanne zum Warten auf eine Suchanfrage"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr "Zeitspanne zum Warten auf eine Auflistungsanfrage"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr "Zeitspanne zwischen Auflistungsanfragen"
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr "Zeitspanne zwischen den Leerungen des Zwischenspeichers"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "TLS für ID-Suchvorgänge erforderlich machen"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr "ID-Zuweisung von objectSID anstelle von voreingestellten IDs verwenden"
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr "Basis-DN für Benutzer-Suchanfragen"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr "Bereich für Benutzer-Suchanfragen"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr "Filter für Benutzer-Suchanfragen"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr "Objektklasse für Benutzer"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "UID-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr "Primäres GID-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "GECOS-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr "Home-Verzeichnis-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "Shell-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr "objectSID -Attribut"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr "Active-Directory-Primärgruppen-Attribut für ID-Zuweisung"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr "Principal-Attribut verwenden (für Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Vollständiger Name"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "memberOf-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr "Änderungszeit-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr "shadowLastChange-attribut"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr "shadowMin-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr "shadowMax Attribut"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr "shadowWarning-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr "shadowInactive-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr "shadowExpire-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr "shadowFlag-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr "Attribut, welches die autorisierten PAM-Dienste auflistet"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr "Attribut, welches die autorisierten Server-Hosts auflistet"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr "krbLastPwdChange-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr "krbPasswordExpiration-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
"Attribut, welches angibt, dass die serverseitigen Passwortregeln aktiv sind"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr "accountExpires-Attribut von AD"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr "userAccountControl-Attribut von AD"
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr "nsAccountLock-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr "loginDisabled-Attribut von NDS"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr "loginExpirationTime-Attribut von NDS"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "loginAllowedTimeMap-Attribut von NDS"
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr "Attribut für öffentlichen SSH-Schlüssel"
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
"Eine Liste der zusätzlich herunterzuladender Attribute zusammen mit dem "
"Benutzereintrag"
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr "Basis-DN für Gruppen-Suchanfragen"
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr "Objektklasse für Gruppen"
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr "Gruppenname"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr "Gruppenpasswort"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr "Gruppen-ID-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr "Gruppen-Mitgliedschafts-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr "Änderungszeit-Attribut für Gruppen"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr "Typ der Gruppe und weitere Flags"
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+#, fuzzy
+msgid "The LDAP group external member attribute"
+msgstr "Netzgruppen-Mitglieder-Attribut"
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr "Maximale Ebene der Verschachtelung, der SSSd folgt"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr "Basis-DN für Netzgruppen-Suchanfragen"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr "Objektklasse für Netzgruppen"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr "Netzgruppenname"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr "Netzgruppen-Mitglieder-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr "Netzgruppen-Tripel-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr "Änderungszeit-Attribut für Netzgruppen"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr "Basis-DN für Dienste-Suchanfragen"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr "Objektklasse für Dienste"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr "Name-Attribut des Dienstes"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr "Port-Attribut des Dienstes"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr "Protokoll-Attribut des Dienstes"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr "Untere Grenze für ID-Zuweisung"
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr "Obere Grenze für ID-Zuweisung"
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr "Anzahl der IDs für jeden Teil bei der ID-Zuweisung"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr "autorid-kompatiblen Algorithmus für ID-Zuweisung verwenden"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr "Name der Vorgabe-Domain für ID-Zuweisung"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr "SID der Vorgabedomain für ID-Zuweisung"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "LDAP_MATCHING_RULE_IN_CHAIN für Gruppen-Suchanfragen verwenden"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr "LDAP_MATCHING_RULE_IN_CHAIN für initgroup-Suchanfragen verwenden"
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr "Verwendung von Token-Gruppen"
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr "Untere Grenze für zulässige IDs des LDAP-Servers angeben"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr "Obere Grenze für zulässige IDs des LDAP-Servers angeben"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr "Regel zum Ermitteln der Ablaufzeit des Passworts"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
"Attribute, die bei der Ermittlung verwendet werden, ob ein Konto abgelaufen "
"ist"
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr "Regeln für die Ermittlung der Zugriffskontrolle"
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr "URI eines LDAP-Servers, wo Passwortänderungen zulässig sind"
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr "URI eines Ersatz-LDAP-Servers, wo Passwortänderungen zulässig sind"
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr "DNS-Dienstname für den LDAP-Passwortänderungsserver"
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
@@ -1203,25 +1252,25 @@ msgstr ""
"Gibt an, ob das Attribut ldap_user_shadow_last_change nach einer "
"Passwortänderung aktualisiert werden soll"
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr "Basis-DN für Suchanfragen nach Sudo-Regeln"
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr "Periode für automatische vollständige Aktualisierung"
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr "Periode für bedingte vollständige Aktualisierung"
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
"Gibt an, ob Regeln nach Hostnamen, IP-Adressen oder Netzwerken gefiltert "
"werden sollen"
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -1229,249 +1278,245 @@ msgstr ""
"Hostnamen und/oder voll ausgeschriebene Domain-Namen dieses Rechners zum "
"Filtern von Sudo-Regeln"
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"IPv4- oder IPv6-Adressen oder Netzwerk dieses Rechners zum Filtern von sudo-"
"Regeln"
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
"Gibt an, ob Regeln im Host-Attribut einbezogen werden sollen, die "
"Netzgruppen enthalten"
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
"Gibt an, ob Regeln im Host-Attribut einbezogen werden sollen, die reguläre "
"Ausdrücke enthalten"
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr "Objektklasse für Sudo-Regeln"
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr "Sudo-Regelname"
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr "Befehlsattribut der Sudo-Regel"
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr "Host-Attribut der Sudo-Regel"
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr "Benutzer-Attribut der Sudo-Regel"
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr "Optionsattribut der Sudo-Regel"
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr "runasuser-Attribut der Sudo-Regel"
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr "runasgroup-Attribut der Sudo-Regel"
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr "notbefore-Attribut der Sudo-Regel"
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr "notafter-Attribut der sudo-Regel"
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr "Reihenfolge-Attribut der Sudo-Regel"
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr "Objektklasse für Automounter-Zuweisungen"
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr "Name-Attribut der Automounter-Zuweisung"
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr "Objektklasse für Einträge von Automounter-Zuweisungen"
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr "Schlüssel-Attribut des Automounter-Zuweisungseintrags"
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr "Wert-Attribut des Automounter-Zuweisungseintrags"
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr "Basis-DN für Suchanfragen nach Automounter-Zuweisungen"
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "Durch Kommata getrennte Liste der erlaubten Benutzer"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "Durch Kommata getrennte Liste der verbotenen Benutzer"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Vorgabeshell, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr "Wurzel für Benutzerverzeichnisse"
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr "Name der zu verwendenden NSS-Bibliothek"
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
"Gibt an, ob wenn möglich im Zwischenspeicher nach dem kanonischen "
"Gruppennamen gesucht werden soll"
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr "Zu verwendender PAM-Stapel"
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "Zum Hintergrunddienst werden (Vorgabe)"
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "Interaktiv ausführen (nicht als Hintergrunddienst)"
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Angabe einer nicht standardmäßigen Konfigurationsdatei"
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr "Versionsnummer ausgeben und das Programm beenden"
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "Fehlerdiagnosestufe"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "Debug-Zeitstempel hinzufügen"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr "Zeitstempel mit Mikrosekunden anzeigen"
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr "Offener Dateideskriptor für die Debug-Protokolle"
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr "Domain des Informationsanbieters (obligatorisch)"
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr "Privilegierter Socket hat falsche Eigentums- oder Zugriffsrechte."
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr "Öffentlicher Socket hat falsche Eigentums- oder Zugriffsrechte."
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr "Unerwartetes Format der Server-Anmeldenachricht."
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr "SSSD wird nicht durch Root ausgeführt."
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr ""
"Ein Fehler ist aufgetreten, aber es kann keine Beschreibung gefunden werden."
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr "Unerwarteter Fehler beim Suchen nach einer Fehlerbeschreibung"
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Server-Meldung: "
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Passwörter stimmen nicht überein"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr "Das Zurücksetzen des Passworts durch Root wird nicht unterstützt."
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr "Authentifiziert mit zwischengespeicherten Anmeldedaten"
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ", Ihr zwischengespeichertes Passwort läuft ab am: "
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
"Ihr Passwort ist abgelaufen. Ihnen verbleiben nur noch %1$d Anmeldungen."
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr "Ihr Passwort wird in %1$d %2$s ablaufen."
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr "Authentifizierung wird verweigert bis: "
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "System ist offline, Änderung des Passworts ist nicht möglich"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
@@ -1479,35 +1524,35 @@ msgstr ""
"Nach dem Ändern des OTP-Passworts müssen Sie sich ab- und wieder anmelden, "
"um ein Ticket erhalten zu können"
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Änderung des Passworts fehlgeschlagen. "
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Neues Passwort: "
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Neues Passwort wiederholen: "
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Passwort: "
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Aktuelles Passwort: "
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "Passwort ist abgelaufen. Ändern Sie Ihr Passwort jetzt."
@@ -1516,7 +1561,7 @@ msgstr "Passwort ist abgelaufen. Ändern Sie Ihr Passwort jetzt."
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Stufe, mit der die Fehlerdiagnose ausgeführt werden soll"
@@ -1529,7 +1574,7 @@ msgstr "Die zu verwendende SSSD-Domain"
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr "Fehler beim Setzen der Locale-Einstellung\n"
@@ -1998,83 +2043,94 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Transaktionsfehler. Benutzer kann nicht geändert werden.\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
"Kein Objekt im Zwischenspeicher entspricht der angegebenen Suchanfrage\n"
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
-msgstr ""
-"Alle zwischengespeicherten Einträge mit Ausnahme von Sudo-Regeln annullieren"
+#: src/tools/sss_cache.c:644
+#, fuzzy
+msgid "Invalidate all cached entries"
+msgstr "Alle Dienste annullieren"
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr "Bestimmten Benutzer annullieren"
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr "Alle Benutzer annullieren"
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr "Bestimmte Gruppe annullieren"
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr "Alle Gruppen annullieren"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr "Bestimmte Netzgruppe annullieren"
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr "Alle Netzgruppen annullieren"
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr "Bestimmten Dienst annullieren"
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr "Alle Dienste annullieren"
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr "Bestimmte autofs-Zuweisung annullieren"
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr "Alle autofs-Zuweisungen annullieren"
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+#, fuzzy
+msgid "Invalidate particular sudo rule"
+msgstr "Bestimmten Benutzer annullieren"
+
+#: src/tools/sss_cache.c:677
+#, fuzzy
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+"Alle zwischengespeicherten Einträge mit Ausnahme von Sudo-Regeln annullieren"
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr "Nur Einträge einer bestimmten Domain annullieren"
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr "Bitte wählen Sie mindestens ein Objekt für die Annullierung\n"
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
@@ -2084,7 +2140,7 @@ msgstr ""
"(trusted domain) handelt, verwenden Sie den voll ausgeschriebenen Namen "
"anstelle des Parameters --domain/-d.\n"
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr "Verfügbare Domains konnten nicht geöffnet werden\n"
@@ -2105,7 +2161,7 @@ msgstr "Nur ein Argument wurde erwartet\n"
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr "Name »%1$s« scheint kein FQDN zu sein (»%2$s = TRUE« ist gesetzt)\n"
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Nicht genügend Speicher\n"
@@ -2114,16 +2170,15 @@ msgstr "Nicht genügend Speicher\n"
msgid "%1$s must be run as root\n"
msgstr "%1$s muss als Root ausgeführt werden\n"
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr ""
-"Debug-Ausgabe in Dateien speichern, anstatt in die Standard-Fehlerausgabe "
-"(stderr) zu senden"
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
+
+#~ msgid "Send the debug output to files instead of stderr"
+#~ msgstr ""
+#~ "Debug-Ausgabe in Dateien speichern, anstatt in die Standard-Fehlerausgabe "
+#~ "(stderr) zu senden"
diff --git a/po/es.po b/po/es.po
index a0f6af970..35cc5bfb7 100644
--- a/po/es.po
+++ b/po/es.po
@@ -16,7 +16,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/"
@@ -26,75 +26,80 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "Establece el nivel de detalle del registro de depuración"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "Incluir la marca de tiempo en los registros de depuración"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
"Incluir microsegundos en la marca de tiempo en los registros de depuración"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "Escribir los mensajes de depuración a archivos log"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr "Tiempo máximo de ping antes de reiniciar el servicio"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "Comando para iniciar el servicio"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
"Número de veces que debe intentar la conexión con los Proveedores de Datos"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "Servicios SSSD a iniciar"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "Dominios SSSD a iniciar"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "Tiempo máximo para los mensajes enviados a través de SBUS"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr ""
"Expresión regular para analizar sintácticamente el nombre de usuario y "
"dominio"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
"Formato compatible con printf para mostrar nombres completamente calificados"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -102,70 +107,80 @@ msgstr ""
"Directorio en el sistema de archivos donde SSSD debería guardar fichero de "
"reproducción de cache de Kerberos."
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "Requiere la verificación de certificado TLS"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr "Tiempo máximo (segundos) del caché de enumeración"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
"Tiempo máximo (segundos) de la entrada de caché a actualizar en segundo plano"
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr "Tiempo máximo negativo del cache (segundos)"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+#, fuzzy
+msgid "Files negative cache timeout length (seconds)"
+msgstr "Tiempo máximo negativo del cache (segundos)"
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "Usuarios que deben ser explícitamente ignorados por SSSD"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grupos que deben ser explícitamente ignorados por SSSD"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "Deben aparecer los usuarios filtrados en los grupos"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr "El valor del campo contraseña que el proveedor NSS debe devolver"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
"Sustituye valores del directorio personal del proveedor de la identidad con "
"este valor"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr "Lista de los usuarios de consola habilitados para registrarse"
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
"Lista de consolas que serán vetadas, y reemplazadas por la consola de reserva"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -173,29 +188,29 @@ msgstr ""
"Si una consola almacenada en el directorio central es permitida pero no se "
"encuentra disponible, utilice esta de reserva"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Por cuánto tiempo permitir ingresos cacheados entre ingresos en línea (días)"
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
"Cuantos intentos de ingreso fallidos se permiten cuando está desconectado"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -203,597 +218,622 @@ msgstr ""
"Cuántos minutos se denegará el ingreso después de que se alcance el máximo "
"de ingresos fallidos offline_failed_login_attempts"
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr "Que clase de mensajes se muestran al usuario durante la autenticación"
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Cuanto segundos se mantendrá la información de identidad almacenada para "
"solicitudes de PAM"
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr "Cuanto días se debe mostrar un aviso de expiración de contraseña"
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr "Ya sea para evaluar los atributos basados en el tiempo en reglas sudo"
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
#, fuzzy
msgid "Path to storage of trusted CA certificates"
msgstr "Archivo que contiene los certificados CA"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Proveedor de identidad"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Proveedor de Autenticación"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Proveedor de control de acceso"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Proveedor de cambio de contraseña"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr "Proveedor de SUDO"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr "Proveedor de Autofs"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr "Suministrador de carga de sesión"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr "Suministrador de identidad de host"
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "ID mínimo de usuario"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "ID máximo de usuario"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr "Habilitar la enumeración de todos los usuarios/grupos"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "Hacer caché de las credenciales para ingresos fuera de línea"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "Guardar los hashes de la contraseña"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr "Mostrar los usuarios/grupos en un formato completamente calificado"
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr "Tiempo máximo de una entrada del caché (segundos)"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Restringir o preferir una familia de direcciones específica, cuando se "
"realicen búsquedas DNS"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr "Por cuánto tiempo permitir ingresos cacheados luego del último (días)"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Cantidad de tiempo (en segundos) a esperar respuestas desde DNS cuando se "
"estén resolviendo servidores"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr "La sección del dominio de la consulta para descubrir servicios DNS"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr "Sustituye valor GID del proveedor de la identidad con este valor"
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr "Trate al nombre de usuario con mayúsculas y minúsculas"
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"La interfaz cuya IP debería ser utilizada para actualizaciones DNS "
"automáticas"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "Dominio IPA"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "Dirección del servidor IPA"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "Nombre de equipo del cliente IPA"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Si actualizar o no en forma automática la entrada DNS del cliente en FreeIPA"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr "Búsqueda base para objetos HBAC"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
"Cantidad de tiempo entre búsquedas de reglas HBAC contra el servidor IPA"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Si se lo define en 'false', será ignorado el argumento de equipo ofrecido "
"por PAM"
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr "La ubicación de montaje automático que este cliente de IPA está usando"
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr "Filtro LDAP para determinar privilegios de acceso"
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Dirección del servidor Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Reinado Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "Expiración de la autenticación"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr "Directorio donde almacenar las credenciales cacheadas"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr "Ubicación del caché de credenciales del usuario"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "Ubicación de la tabla de claves para validar las credenciales"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr "Habilitar la validación de credenciales"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
"Si se encuentra desconectado, almacena contraseñas para más tarde realizar "
"una autenticación en línea"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr "ciclo de vida renovable del TGT"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr "ciclo de vida del TGT"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr "tiempo entre dos comprobaciones para renovación "
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr "Habilita FAST"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr "Selecciona el principal para su uso por FAST"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr "Habilita canonicalización principal"
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"El servidor en donde está ejecutándose el servicio de modificación de "
"contraseña, en caso de no ser KDC. "
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, El URI del servidor LDAP"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr "DN base predeterminado"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "El Tipo de Esquema a usar en el servidor LDAP, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr "El DN Bind predeterminado"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr "El tipo del token de autenticación del DN bind predeterminado"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr "El token de autenticación del DN bind predeterminado"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "Tiempo durante el que se intentará la conexión"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tiempo durante el que se intentará operaciones LDAP sincrónicas"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tiempo entre intentos de reconexión cuando esté fuera de línea"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr "Use solo el caso superior para nombres reales"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr "Archivo que contiene los certificados CA"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr "Ruta hacia un directorio certificado CA"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr "Fichero que contiene el certificado de cliente"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr "Fichero que contiene la llave de cliente"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr "Lista de posibles suites de cifrado"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "Requiere la verificación de certificado TLS"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "Especificar el mecanismo sasl a usar"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "Especifique el id de autorización sasl a usar"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr "Especifica el reinado de autorización sasl a ser utilizado"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Especificar los SSF mínimos para autorizaciones sasl de LDAP"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr "Tabla de clave del servicio Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr "Usar auth Kerberos para la conexión LDAP"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr "Seguir referencias LDAP"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr "Período de vida del TGT para la conexión LDAP"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr "Como eliminar aliases"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr "Nombre de servicio para busquedas de servicios DNS"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr "La cantidad de registros a ser obtenidos en una única consulta LDAP"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"La cantidad de miembros que deben faltar para desencadenar una deref completa"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -801,671 +841,676 @@ msgstr ""
"Si la Biblioteca LDAP debería realizar una búsqueda inversa para "
"canonicalizar el nombre del host durante un enlace SASL"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr "atributo entryUSN"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr "atributo lastUSN"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
"El período de tiempo máximo para retener una conexión con el servidor LDAP "
"antes de desconectar"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr "Deshabilita el control de paginación LDAP"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr "Tiempo máximo a esperar un pedido de búsqueda"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr "periodo de espera para solicitud de enumeración"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr "Tiempo en segundos entre las actualizaciones de enumeración"
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr "periodo de tiempo entre borrados de la caché"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "Requiere TLS para búsquedas de ID"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr "DN base para búsquedas de usuario"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr "Ambito de las búsquedas del usuario"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr "Filtro para las búsquedas del usuario"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr "Objectclass para los usuarios"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr "Atributo GID primario"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "Atributo GECOS"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr "Atributo Directorio de inicio"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "Atributo shell"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr "Atributo principal del usuario (para Kerberos) "
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Nombre completo"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr "Atributo hora de modificación"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr "atributo shadowLastChange"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr "atributo shadowMin "
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr "atributo shadowMax"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr "atributo shadowWarning "
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr "atributo shadowInactive "
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr "atributo shadowExpire"
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr "atributo shadowFlag "
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr "listado de atributos de servicios PAM autorizados"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr "Atributo de listado de equipos de servidor autorizados"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr "atributo krbLastPwdChange "
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr "atributo krbPasswordExpiration "
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
"atributo indicando que las políticas de contraseña del lado del servidor "
"están activas"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr "atributo accountExpires de AD"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr "atributo userAccountControl de AD"
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr "atributo nsAccountLock "
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr "loginDisabled atributo de NDS"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr "loginExpirationTime atributo de NDS"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "loginAllowedTimeMap atributo de NDS"
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr "Atributo de clave pública SSH"
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr "DN base para busqueda de grupos"
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr "clase objeto para"
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr "Nombre del grupo"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr "Contraseña del grupo"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr "Atributo GID"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr "Atributo de miembro del grupo"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr "Atributo de modificación de tiempo para los grupos"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+#, fuzzy
+msgid "The LDAP group external member attribute"
+msgstr "Atributo de miembros de grupos de red"
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr "A continuación, nivel SSSD de anidado máximo"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr "DN base para búsquedas de grupos de red"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr "Clases de objetos para grupos de red"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr "Nombre de grupo de red"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr "Atributo de miembros de grupos de red"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr "Atributo triple de grupo de red"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr "Atributo de modificación de tiempo para grupos de red"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr "Base DN para servicio de búsquedas"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr "Clase de objeto para servicio"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr "Atributo de nombre de servicio"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr "Atributo de puerto de servicio"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr "Atributo de protocolo de servidor"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr "Política para evaluar el vencimiento de la contraseña"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
"Los atributos que deberán ser utilizados para evaluar si una cuenta ha "
"expirado"
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr "Las reglas que deberían ser utilizadas para evaluar control de acceso"
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
"URI de un servidor LDAP donde se permite la modificación de contraseñas"
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
"Nombre del servicio DNS para el servidor de modificación de contraseñas LDAP"
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr "Base DN para búsquedas de reglas sudo"
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr "Objeto clase para reglas sudo"
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr "Nombre de regla sudo"
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr "Atributo de regla de comando sudo"
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr "Atributo de la regla host de sudo"
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr "Atributo de la regla usuario de sudo"
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr "Atributo de la regla opción de sudo"
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr "Atributo de la regla suda runasuser"
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr "Atributo de regla runasgroup de sudo"
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr "Atributo de regla notbefore de sudo"
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr "Atributo de regla noafter de sudo"
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr "Atributo de regla orden de sudo"
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr "Objeto clase para mapas automontador"
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr "Atributo de nombre de mapa de automontador"
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr "Objeto clase para entradas de mapa de automontador"
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr "Atributo de clave de entrada para mapa de automontador"
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr "Atributo de valor de entrada para mapa de automontador"
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr "Base DN para búsquedas de mapa de automontador"
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "Lista separada por comas de usuarios autorizados"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "Lista separada por comas de usuarios prohibidos"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Shell predeterminado, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr "Base de los directorios de inicio"
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr "Nombre de la biblioteca NSS a usar"
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr "Pila PAM a usar"
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "Convertirse en demonio (predeterminado)"
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "Ejecutarse en forma interactiva (no un demonio)"
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Indicar un archivo de configuración diferente al predeterminado"
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr "Muestra el número de versión y finaliza"
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "Nive de depuración"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "Agregar marcas de tiempo de depuración"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr "Mostrar marcas de tiempo con microsegundos"
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr "Un arhivo abierto de descriptor para los registros de depuración"
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr "Dominio del proveedor de información (obligatorio)"
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr "El zócalo privilegiado posee permisos o pertenencia equivocados."
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr "El zócalo público posee permisos o pertenencia equivocados."
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr "Formato no esperado del mensaje de la credencial del servidor."
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr "SSSD no está siendo ejecutado por el usuario root."
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr "Ha ocurrido un error, pero no se ha podido encontrar una descripción."
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr ""
"Ha ocurrido un error no esperado mientras se buscaba la descripción del error"
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Mensaje del servidor:"
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Las contraseñas no coinciden"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr "No existe soporte para reseteado de la contraseña por el usuario root."
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr "Autenticado mediante credenciales cacheada"
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ", su contraseña cacheada vencerá el:"
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr "La autenticación ha sido denegada hasta:"
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "El sistema está fuera de línea, no se puede cambiar la contraseña"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Falló el cambio de contraseña."
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Nueva contraseña: "
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Reingrese la contraseña nueva:"
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Contraseña: "
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Contraseña actual: "
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "La contraseña ha expirado. Modifíquela en este preciso momento."
@@ -1474,7 +1519,7 @@ msgstr "La contraseña ha expirado. Modifíquela en este preciso momento."
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Nivel de depuración en que se debe ejecutar"
@@ -1487,7 +1532,7 @@ msgstr "El dominio SSSD a usar"
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr "Error al poner la región\n"
@@ -1938,88 +1983,99 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Error de transacción. No se pudo modificar el usuario.\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
-msgstr ""
+#: src/tools/sss_cache.c:644
+#, fuzzy
+msgid "Invalidate all cached entries"
+msgstr "Todos los usuarios invalidados"
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr "Usuario particular invalidado"
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr "Todos los usuarios invalidados"
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+#, fuzzy
+msgid "Invalidate particular sudo rule"
+msgstr "Usuario particular invalidado"
+
+#: src/tools/sss_cache.c:677
+#, fuzzy
+msgid "Invalidate all cached sudo rules"
+msgstr "Todos los usuarios invalidados"
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -2040,7 +2096,7 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Falta memoria\n"
@@ -2049,14 +2105,14 @@ msgstr "Falta memoria\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr "Envia el resultado de la depuración hacia archivos en lugar de stderr"
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
+
+#~ msgid "Send the debug output to files instead of stderr"
+#~ msgstr ""
+#~ "Envia el resultado de la depuración hacia archivos en lugar de stderr"
diff --git a/po/eu.po b/po/eu.po
index 8b30a79cb..9a0935837 100644
--- a/po/eu.po
+++ b/po/eu.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,1400 +18,1442 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+msgid "Tune certificate verification"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+msgid "Files negative cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
msgid "Path to storage of trusted CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "Gutxienezko erabiltzaile IDa"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "Gehienezko erabiltzaile IDa"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "IPA domeinua"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "IPA zerbitzariaren helbidea"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "IPA bezeroaren ostalari-izena"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr "FAST gaitzen du"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr "entryUSN atributua"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr "lastUSN atributua"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "UID atributua"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr "objectSID atributua"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Izen osoa"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr "shadowLastChange atributua"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr "shadowMin atributua"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr "shadowMax atributua"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr "shadowWarning atributua"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr "shadowInactive atributua"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr "shadowExpire atributua"
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr "shadowFlag atributua"
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr "krbLastPwdChange atributua"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr "krbPasswordExpiration atributua"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr "ADren accountExpires atributua"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr "ADren userAccountControl atributua"
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr "nsAccountLock atributua"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr "Talde-izena"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr "Taldearen pasahitza"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr "GID atributua"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+msgid "The LDAP group external member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Shell lehenetsia, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr "Inprimatu bertsio zenbakia eta irten"
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "Arazketa maila"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "Gehitu arazketako data-zigiluak"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr ""
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Huts egin du pasahitza aldatzeak. "
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Pasahitz berria: "
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Berriz sartu pasahitz berria: "
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Pasahitza: "
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Uneko pasahitza: "
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "Pasahitza iraungita. Aldatu zure pasahitza orain."
@@ -1420,7 +1462,7 @@ msgstr "Pasahitza iraungita. Aldatu zure pasahitza orain."
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1433,7 +1475,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr ""
@@ -1863,88 +1905,99 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
-msgstr ""
+#: src/tools/sss_cache.c:644
+#, fuzzy
+msgid "Invalidate all cached entries"
+msgstr "Baliogabetu zerbitzu guztiak"
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr "Baliogabetu erabiltzaile bat"
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr "Baliogabetu erabiltzaile guztiak"
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr "Baliogabetu talde bat"
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr "Baliogabetu talde guztiak"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr "Baliogabetu zerbitzu bat"
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr "Baliogabetu zerbitzu guztiak"
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+#, fuzzy
+msgid "Invalidate particular sudo rule"
+msgstr "Baliogabetu erabiltzaile bat"
+
+#: src/tools/sss_cache.c:677
+#, fuzzy
+msgid "Invalidate all cached sudo rules"
+msgstr "Baliogabetu erabiltzaile guztiak"
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -1965,7 +2018,7 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr ""
@@ -1974,14 +2027,10 @@ msgstr ""
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr ""
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
diff --git a/po/fr.po b/po/fr.po
index 48d563a87..d7e9f6fc4 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -8,12 +8,13 @@
# Fabien Archambault <marbolangos@gmail.com>, 2012
# Mariko Vincent <dweu60@gmail.com>, 2012
# Jérôme Fenal <jfenal@gmail.com>, 2015. #zanata
+# Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
-"PO-Revision-Date: 2015-09-21 07:57-0400\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
+"PO-Revision-Date: 2016-02-24 03:43-0500\n"
"Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
"Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
"fr/)\n"
@@ -22,75 +23,80 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "Définir le niveau de détails de la sortie de débogage"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "Ajouter l'horodatage dans les fichiers de débogage"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
"Ajouter les microsecondes pour l'horodatage dans les journaux de débogage"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "Écrire les messages de débogage dans les journaux"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr "Délai d'attente de réponse avant de redémarrer le service"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
"Délai entre une série de trois ping en échec et une mort violente et forcée "
"du service"
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "Commande pour démarrer le service"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr "Nombre d'essais pour tenter de se connecter au fournisseur de données"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
"Le nombre de descripteurs de fichiers qui peuvent être ouverts par ce "
"répondeur"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr "durée d'inactivité avant la déconnexion automatique d'un client"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "Services SSSD à démarrer"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "Domaines SSSD à démarrer"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "Délai d'attente pour les messages à envoyer à travers SBUS"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr "Expression rationnelle d'analyse des noms d'utilisateur et de domaine"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Format compatible printf d'affichage des noms complétement qualifiés"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -98,74 +104,84 @@ msgstr ""
"Répertoire du système de fichiers où SSSD doit stocker les fichiers de "
"relecture de Kerberos."
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr "Domaine à ajouter aux noms sans composant de nom de domaine."
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr "L'utilisation vers lequel abandonner les privilèges"
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "Requiert une vérification de certificat TLS"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr "Délai d'attente du cache d'énumération (en secondes)"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
"Délai d'attente de mise à jour en arrière-plan de l'entrée de cache (en "
"secondes)"
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr "Délai d'attente du cache négatif (en secondes)"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+#, fuzzy
+msgid "Files negative cache timeout length (seconds)"
+msgstr "Délai d'attente du cache négatif (en secondes)"
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "Utilisateurs que SSSD doit explicitement ignorer"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "Groupes que SSSD doit explicitement ignorer"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "Les utilisateurs filtrés doivent-ils apparaître dans les groupes"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr "Valeur du champ de mot de passe que le fournisseur NSS doit renvoyer"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
"Remplacer par cette valeur celle du répertoire personnel obtenu avec le "
"fournisseur d'identité"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
"Substitution de la valeur homedir vide du fournisseur d'identité avec cette "
"valeur"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr "Écraser le shell donné par le fournisseur d'identité avec cette valeur"
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
"Liste des interpréteurs de commandes utilisateurs autorisés pour se connecter"
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
"Liste des interpréteurs de commandes bannis et remplacés par celui par défaut"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -173,31 +189,31 @@ msgstr ""
"Si un interpréteur de commandes stocké dans l'annuaire central est autorisé "
"mais indisponible, utiliser à défaut celui-ci"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr "Shell à utiliser si le fournisseur n'en propose aucun"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr "Durée de maintien en cache des enregistrements valides"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
"Tous les espaces dans les noms de groupes ou d'utilisateurs seront remplacés "
"par ce caractère"
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Délai pendant lequel les connexions utilisant le cache sont autorisées entre "
"deux connexions en ligne (en jours)"
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr "Nombre d'échecs de connexions hors-ligne autorisés"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -205,56 +221,69 @@ msgstr ""
"Durée d'interdiction de connexion après que offline_failed_login_attempts "
"est atteint (en minutes)"
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
"Quels types de messages sont affichés à l'utilisateur pendant "
"l'authentification"
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Durée en secondes pendant laquelle les informations d'identité sont gardées "
"en cache pour les requêtes PAM"
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
"Nombre de jours précédent l'expiration du mot de passe avant lesquels un "
"avertissement doit être affiché"
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr "Liste des uid ou noms d'utilisateurs dignes de confiance"
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
"Liste des domaines accessibles y compris par les utilisateurs non dignes de "
"confiance"
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr "Message affiché lorsque le compte a expiré"
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+#, fuzzy
+msgid "Message printed when user account is locked."
+msgstr "Message affiché lorsque le compte a expiré"
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr "Faut-il évaluer les attributs dépendants du temps dans les règles sudo"
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
"Condenser ou non les noms de systèmes et adresses du fichier known_hosts"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
@@ -262,308 +291,312 @@ msgstr ""
"Le nombre de secondes pour garder un hôte dans le fichier known_hosts après "
"que ses clés d'hôte ont été demandées"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
#, fuzzy
msgid "Path to storage of trusted CA certificates"
msgstr "Fichier contenant les certificats des CA"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
"Listes des UID ou nom d'utilisateurs autorisés à accéder le répondeur PAC"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
"Listes des UID ou nom d'utilisateurs autorisés à accéder le répondeur "
"InfoPipe"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Fournisseur d'identité"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Fournisseur d'authentification"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Fournisseur de contrôle d'accès"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Fournisseur de changement de mot de passe"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr "Fournisseur SUDO"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr "Fournisseur autofs"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr "Fournisseur de chargement de session"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr "Fournisseur d'identité de l'hôte"
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "Identifiant utilisateur minimum"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "Identifiant utilisateur maximum"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr "Activer l'énumération de tous les utilisateurs/groupes"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "Mettre en cache les crédits pour une connexion hors-ligne"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "Stocker les sommes de contrôle des mots de passe"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr "Afficher les utilisateurs/groupes dans un format complétement qualifié"
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr "Ne pas inclure les membres des groupes dans les recherches de groupes."
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr "Durée de validité des entrées en cache (en secondes)"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr "Restreindre ou préférer une famille d'adresses lors des recherches DNS"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Durée de validité des entrées en cache après la dernière connexion réussie "
"(en jours)"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Délai d'attente des réponses du DNS lors de la résolution des serveurs (en "
"secondes)"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr "La partie domaine de la requête de découverte de service DNS"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr "Écraser la valeur du GID du fournisseur d'identité avec cette valeur"
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr "Considère les noms d'utilisateur comme casse dépendant"
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr "Fréquence de rafraîchissement en arrière plan des entrées expirées"
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr "Choisir de mettre à jour automatiquement l'entrée DNS du client"
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr "Le TTL à appliquer à l'entrée DNS du client après modification"
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"L'interface dont l'adresse IP doit être utilisée pour les mises à jour "
"dynamiques du DNS"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr "Fréquence de mise à jour automatique de l'entrée DNS du client"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
"Selon que le fournisseur doit aussi ou non mettre à jour explicitement "
"l'enregistrement PTR"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr "Selon que l'utilitaire nsupdate doit utiliser TCP par défaut"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
"Quel type d'authentification doit être utilisée pour effectuer la mise à "
"jour DNS"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
#, fuzzy
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
"Quel type d'authentification doit être utilisée pour effectuer la mise à "
"jour DNS"
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr "Contrôle l'énumération des domaines approuvés"
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr "Fréquence de rafraîchissement des sous-domaines"
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr "Listes des options qui doivent être héritées dans le sous-domaine"
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "Domaine IPA"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "Adresse du serveur IPA"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr "Adresse du serveur IPA de secours"
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "Nom de système du client IPA"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Choisir de mettre à jour automatiquement l'entrée DNS du client dans FreeIPA"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr "Base de recherche pour les objets HBAC"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "Délai entre les recherches de règles HBAC sur le serveur IPA"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr "Délai entre les recherches de cartes SELinux sur le serveur IPA"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr "Si mit à false, l’argument de l'hôte donné par PAM est ignoré"
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
"L'emplacement de la carte de montage automatique utilisée par le client IPA"
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
"Base de recherche pour l'objet contenant les informations de base à propos "
"du domaine IPA"
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
"Base de recherche pour les objets contenant les informations à propos des "
"plages d'ID"
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr "Activer les sites DNS - découverte de service basée sur l'emplacement"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr "Base de recherche des conteneurs de vues"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr "Classe d'objet pour les conteneurs de vues"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr "Attribut avec le nom de la vue"
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr "Classe d'objet surchargeant les objets"
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr "Attribut faisant référence à l'objet originel "
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr "Classe d'objet surchargeant les utilisateurs"
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr "Classe d'objet surchargeant les groupes"
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr "Domaine Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr "Adresse du serveur Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr "Adresse du serveur Active Directory de secours"
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr "Nom de système du client Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr "Filtre LDAP pour déterminer les autorisations d'accès"
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr "Choisir d'utiliser ou non le catalogue global pour les recherches"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr "Mode opératoire pour les contrôles d'accès basé sur les GPO"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
@@ -571,7 +604,7 @@ msgstr ""
"Durée entre les recherches de fichiers de politiques de GPO dans le serveur "
"AD"
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
@@ -579,7 +612,7 @@ msgstr ""
"Noms de services PAM correspondant à la configuration de la politique "
"(Deny)InteractiveLogonRight de la GPO"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
@@ -587,257 +620,266 @@ msgstr ""
"Noms de services PAM correspondant à la configuration de la politique "
"(Deny)RemoteInteractiveLogonRight de la GPO"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
"Noms de services PAM correspondant à la configuration de la politique "
"(Deny)NetworkLogonRight de la GPO"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
"Noms de services PAM correspondant à la configuration de la politique "
"(Deny)BatchLogonRight de la GPO"
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
"Noms de services PAM correspondant à la configuration de la politique "
"(Deny)ServiceLogonRight de la GPO"
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
"Noms de services PAM pour lesquels les accès s'appuyant sur la GPO sont "
"toujours autorisés"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
"Noms de services PAM pour lesquels les accès s'appuyant sur la GPO sont "
"toujours interdits"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
"Droit de connexion par défaut (ou permission/interdiction) à utiliser pour "
"les noms de services sans correspondance"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr "un site particulier utilisé par le client"
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Adresse du serveur Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr "Adresse du serveur Kerberos de secours"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Domaine Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "Délai avant expiration de l'authentification"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr "Choisir de créer ou non les fichiers kdcinfo"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr "Où déposer les extraits de configuration krb5"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr "Répertoire pour stocker les caches de crédits"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr "Emplacement du cache de crédits de l'utilisateur"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "Emplacement du fichier keytab de validation des crédits"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr "Activer la validation des crédits"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
"Stocker le mot de passe, si hors-ligne, pour une authentification ultérieure "
"en ligne"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr "Durée de vie renouvelable du TGT"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr "Durée de vie du TGT"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr "Durée entre deux vérifications pour le renouvellement"
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr "Active FAST"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
-msgstr "Sélectionne le principal pour être utilisé avec FAST"
+msgstr "Sélectionne le principal à utiliser avec FAST"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr "Active la canonisation du principal"
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr "Active les principals d'entreprise"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
"Une liste de correspondances entre noms d'utilisateurs et noms de principaux "
"kerberos"
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Serveur où tourne le service de changement de mot de passe s'il n'est pas "
"sur le KDC"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, l'adresse du serveur LDAP"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, l'URI du serveur LDAP"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr "La base DN par défaut"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Le type de schéma utilisé sur le serveur LDAP, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr "Le DN de connexion par défaut"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr "Le type de jeton d'authentification du DN de connexion par défaut"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr "Le jeton d'authentification du DN de connexion par défaut"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "Durée pendant laquelle il sera tenté d'établir la connexion"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Durée pendant laquelle il sera tenté des opérations LDAP synchrones"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr "Durée d'attente entre deux essais de reconnexion en mode hors-ligne"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr "N'utiliser que des majuscules pour les noms de domaine"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr "Fichier contenant les certificats des CA"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr "Chemin vers le répertoire de certificats des CA"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr "Fichier contenant le certificat client"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr "Fichier contenant la clé du client"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr "Liste des suites de chiffrement possibles"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "Requiert une vérification de certificat TLS"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "Spécifier le mécanisme SASL à utiliser"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "Spécifier l'identité d'authorisation SASL à utiliser"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr "Spécifier le domaine d'authorisation SASL à utiliser"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr "Service du fichier keytab de Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr "Utiliser l'authentification Kerberos pour la connexion LDAP"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr "Suivre les référents LDAP"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr "Durée de vie du TGT pour la connexion LDAP"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr "Comment déréférencer les alias"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr "Nom du service pour les recherches DNS"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr "Le nombre d'enregistrements à récupérer dans une requête LDAP unique"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"Nombre de membres qui doivent être manquants pour activer un déréférencement "
"complet"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -845,383 +887,392 @@ msgstr ""
"Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser le "
"nom d'hôte pendant une connexion SASL ?"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr "attribut entryUSN"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr "attribut lastUSN"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
"Combien de temps conserver la connexion au serveur LDAP avant de se "
"déconnecter"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr "Désactiver le contrôle des pages LDAP"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr "Désactiver la récupération de plage Active Directory."
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr "Durée d'attente pour une requête de recherche"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr "Durée d'attente pour une requête d'énumération"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr "Durée entre deux mises à jour d'énumération"
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr "Durée entre les nettoyages de cache"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "TLS est requis pour les recherches d'identifiants"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
"Utilisation de la correspondance d'ID pour les objectSID au lieu d'ID pré-"
"établis"
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr "Base DN pour les recherches d'utilisateurs"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr "Scope des recherches d'utilisateurs"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr "Filtre pour les recherches d'utilisateurs"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr "Classe d'objet pour les utilisateurs"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr "Attribut de nom d'utilisateur"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "Attribut UID"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr "Attribut de GID primaire"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "Attribut GECOS"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr "Attribut de répertoire utilisateur"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "Attribut d'interpréteur de commandes"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr "attribut UUID"
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr "attribut objectSID"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr "Groupe primaire Active Directory pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr "Attribut d'utilisateur principal (pour Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Nom complet"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "Attribut memberOf"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr "Attribut de date de modification"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr "Attribut shadowLastChange"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr "Attribut shadowMin"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr "Attribut shadowMax"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr "Attribut shadowWarning"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr "Attribut shadowInactive"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr "Attribut shadowExpire"
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr "Attribut shadowFlag"
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr "Attribut listant les services PAM autorisés"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr "Attribut listant les systèmes serveurs autorisés"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr "Attribut krbLastPwdChange"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr "Attribut krbPasswordExpiration"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
"Attribut indiquant que la stratégie de mot de passe du serveur est active"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr "Attribut AD accountExpires"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr "Attribut AD userAccountControl"
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr "Attribut nsAccountLock"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr "Attribut NDS loginDisabled"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr "Attribut NDS loginExpirationTime"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "Attribut NDS loginAllowedTimeMap"
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr "Attribut de clé public SSH"
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
"attribut énumérant les types d'authentification autorisés pour un utilisateur"
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr "attribut contenant le certificat X509 de l'utilisateur"
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
"Une liste des attributs supplémentaires à télécharger avec l'entrée de "
"l'utilisateur"
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr "DN de base pour les recherches de groupes"
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr "Classe d'objet pour les groupes"
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr "Nom du groupe"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr "Mot de passe du groupe"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr "Attribut GID"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr "Attribut membre du groupe"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr "attribut de l'UUID du groupe"
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr "Attribut de date de modification pour les groupes"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr "Type de groupe et autres indicateurs"
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+#, fuzzy
+msgid "The LDAP group external member attribute"
+msgstr "Attribut des membres des groupes réseau"
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr "Niveau de récursion maximum que SSSd doit suivre"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr "DN de base pour les recherches de netgroup"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr "Classe d'objet pour les groupes réseau"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr "Nom du groupe réseau"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr "Attribut des membres des groupes réseau"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr "Attribut triplet du groupe réseau"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr "Attribut date de modification pour les groupes réseau"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr "Nom de domaine (DN) de base pour les recherches de service"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr "Classe objet pour les services"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr "Attribut de nom de service"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr "Attribut de port du service"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr "Attribut de service du protocole"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr "Limite inférieure pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr "Limite supérieure pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr "Nombre d'ID par tranche pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
"Utilisation d'un algorithme compatible autorid pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr "Nom du domaine par défaut pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr "SID du domaine par défaut pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "Utiliser LDAP_MATCHING_RULE_IN_CHAIN pour les recherches de groupes"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
"Utiliser LDAP_MATCHING_RULE_IN_CHAIN pour les recherches de groupes "
"d'initialisation"
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr "Choisir d'utiliser ou non les groupes de jetons"
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
"Définir la limite inférieure d'identifiants autorisés pour l'annuaire LDAP"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
"Définir la limite supérieure d'identifiants autorisés pour l'annuaire LDAP"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr "DN pour les requêtes sur ppolicy"
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr "Stratégie d'évaluation de l'expiration du mot de passe"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr "Quels attributs utiliser pour déterminer si un compte a expiré"
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr "Quelles règles utiliser pour évaluer le contrôle d'accès"
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr "URI d'un serveur LDAP où les changements de mot de passe sont acceptés"
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
"URI d'un serveur LDAP de secours où sont autorisées les modifications de mot "
"de passe"
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr "Nom du service DNS pour le serveur de changement de mot de passe LDAP"
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
@@ -1229,23 +1280,23 @@ msgstr ""
"Choix de mise à jour de l'attribut ldap_user_shadow_last_change après un "
"changement de mot de passe"
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr "Nom de domaine (DN) de base pour les recherches de règles sudo"
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr "Périodicité de rafraichissement total"
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr "Périodicité de rafraichissement intelligent"
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr "Filter ou non sur les noms de systèmes, adresses IP et réseaux"
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -1253,249 +1304,245 @@ msgstr ""
"Noms de systèmes et/ou noms pleinement qualifiés de cette machine pour "
"filtrer les règles sudo"
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"Adresses ou réseaux IPv4 ou IPv6 de cette machine pour filtrer les règles "
"sudo"
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
"Inclure ou non les règles qui contiennent un netgroup dans l'attribut host"
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
"Inclure ou non les règles qui contiennent une expression rationnelle dans "
"l'attribut host"
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr "Classe objet pour les règles sudo"
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr "Règle de nom sudo"
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr "Attribut de commande de règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr "Attribut hôte de la règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr "Attribut utilisateur de la règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr "Attribut option de la règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr "Attribut de règle sudo runas"
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr "Attribut runasuser de la règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr "Attribut runasgroup de la règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr "Attribut notbefore de la règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr "Attribut notafter de règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr "Attribut d'ordre de règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr "Classe objet pour la carte de montage automatique"
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr "Nom de l'attribut de carte de montage automatique"
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr "Classe objet pour l'entrée de référence de montage automatique"
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr "Attribut de clé d'entrée pour la carte de montage automatique"
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr "Attribut de valeur pour la carte de montage automatique"
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr "Base DN pour les requêtes de carte de montage automatique"
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "Liste, séparée par des virgules, d'utilisateurs autorisés"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "Liste, séparée par des virgules, d'utilisateurs interdits"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Interpréteur de commande par défaut : /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr "Base pour les répertoires utilisateur"
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr "Nom de la bibliothèque NSS à utiliser"
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr "Rechercher le nom canonique du groupe dans le cache si possible"
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr "Pile PAM à utiliser"
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "Devenir un démon (par défaut)"
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "Fonctionner en interactif (non démon)"
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Définir un fichier de configuration différent de celui par défaut"
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr "Afficher le numéro de version et quitte"
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "Niveau de débogage"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "Ajouter l'horodatage au débogage"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr "Afficher l'horodatage en microsecondes"
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr "Un descripteur de fichier ouvert pour les journaux de débogage"
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr "Envoyer la sortie de débogage directement vers l'erreur standard."
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr "L'utilisateur à utiliser pour la création du ccache FAST"
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr "Le groupe à utiliser pour la création du ccache FAST"
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr "Domaine du fournisseur d'informations (obligatoire)"
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
"Le socket privilégié a de mauvaises permissions ou un mauvais propriétaire."
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr ""
"Le socket public a de mauvaises permissions ou un mauvais propriétaire."
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr "Le message du serveur de crédits a un format inattendu."
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr "SSSD n'est pas démarré par root."
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr "Une erreur est survenue mais aucune description n'est trouvée."
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr "Erreur inattendue lors de la recherche de la description de l'erreur"
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr "Accès refusé."
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Message du serveur : "
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Les mots de passe ne correspondent pas"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr ""
"La réinitialisation du mot de passe par root n'est pas prise en charge."
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr "Authentifié avec les crédits mis en cache"
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ", votre mot de passe en cache expirera à :"
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
"Votre mot de passe a expiré. Il vous reste %1$d connexion(s) autorisée(s)."
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr "Votre mot de passe expirera dans %1$d %2$s."
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr "L'authentification est refusée jusque :"
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr ""
"Le système est hors-ligne, les modifications du mot de passe sont impossibles"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
@@ -1503,35 +1550,35 @@ msgstr ""
"Après avoir modifié le mot de passe OTP, vous devez vous déconnecter et vous "
"reconnecter afin d'acquérir un ticket"
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Échec du changement de mot de passe."
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Nouveau mot de passe : "
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Retaper le nouveau mot de passe : "
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr "Premier facteur :"
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr "Second facteur :"
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Mot de passe : "
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Mot de passe actuel : "
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "Mot de passe expiré. Changez votre mot de passe maintenant."
@@ -1540,7 +1587,7 @@ msgstr "Mot de passe expiré. Changez votre mot de passe maintenant."
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Le niveau de débogage utilisé avec"
@@ -1553,7 +1600,7 @@ msgstr "Le domaine SSSD à utiliser"
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr "Erreur lors du paramétrage de la locale\n"
@@ -2028,81 +2075,92 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Erreur de transaction. Impossible de modifier l'utlisateur.\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr "Aucun object trouvé dans le cache pour la recherche spécifiée\n"
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr "Impossible d'invalider %1$s\n"
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr "Impossible d'invalider %1$s %2$s\n"
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
-msgstr "Invalider toutes les entrées en cache hormis les règles sudo"
+#: src/tools/sss_cache.c:644
+#, fuzzy
+msgid "Invalidate all cached entries"
+msgstr "Invalidation de tous les services"
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr "Invalider un utilisateur spécifique"
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr "Invalider tous les utilisateurs"
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr "Invalider un groupe particulier"
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr "Invalider tous les groupes"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr "Invalider un groupe réseau particulier"
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr "Invalider tous les groupes réseau"
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr "Invalidation d'un service particulier"
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr "Invalidation de tous les services"
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr "Invalidation d'une carte autofs particulière"
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr "Invalidation de toutes les cartes autofs"
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr "Invalider un hôte SSH particulier"
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr "Invalider tous les hôtes SSH"
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+#, fuzzy
+msgid "Invalidate particular sudo rule"
+msgstr "Invalider un utilisateur spécifique"
+
+#: src/tools/sss_cache.c:677
+#, fuzzy
+msgid "Invalidate all cached sudo rules"
+msgstr "Invalider toutes les entrées en cache hormis les règles sudo"
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr "N'invalider des entrées que d'un domaine spécifique"
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr "Merci de sélectionner au moins un objet à invalider\n"
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
@@ -2112,7 +2170,7 @@ msgstr ""
"(domaine approuvé), utiliser le nom pleinement qualifié au lieu du paramètre "
"--domain/-d.\n"
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr "Impossible d'ouvrir aucun des domaines disponibles\n"
@@ -2134,7 +2192,7 @@ msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
"Le nom « %1$s » ne semble pas être un FQDN (« %2$s = TRUE » est configuré)\n"
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Mémoire saturée\n"
@@ -2143,16 +2201,15 @@ msgstr "Mémoire saturée\n"
msgid "%1$s must be run as root\n"
msgstr "%1$s doit être lancé en tant que root\n"
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr ""
-"Envoyer la sortie de débogage vers un fichier plutôt que vers la sortie "
-"standard"
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr "L'identifiant utilisateur sous lequel faire tourner le serveur"
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr "L'identifiant de groupe sous lequel faire tourner le serveur"
+
+#~ msgid "Send the debug output to files instead of stderr"
+#~ msgstr ""
+#~ "Envoyer la sortie de débogage vers un fichier plutôt que vers la sortie "
+#~ "standard"
diff --git a/po/hu.po b/po/hu.po
index b97ca65cc..d3360f16e 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Hungarian (http://www.transifex.com/projects/p/sssd/language/"
@@ -20,1401 +20,1445 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "Elindítandó SSSD szolgáltatások"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "TLS tanusítvány ellenőrzése"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+#, fuzzy
+msgid "Files negative cache timeout length (seconds)"
+msgstr "Bejegyzés-gyorsítótár érvényessége (másodperc)"
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "SSSD által figyelmen kívül hagyott felhasználók"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "SSSD által figyelmen kívül hagyott csoportok"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr "Hány sikertelen bejelentkezés engedélyezett offline állapotban"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
#, fuzzy
msgid "Path to storage of trusted CA certificates"
msgstr "A CA tanusítványokat tartalmazó fájl"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Azonosító-kiszolgáló"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "Legkisebb felhasználói azonosító"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "Legnagyobb felhasználói azonosító"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "Azonosítók gyorsítótárazása offline használathoz"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "Jelszó hash-ek tárolása"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr "Bejegyzés-gyorsítótár érvényessége (másodperc)"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "IPA-tartomány"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "IPA kiszolgáló címe"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "IPA kliens hosztneve"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Kerberos-kiszolgáló címe"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Kerberos-tartomány"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "Időtúllépés azonosításkor"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, az LDAP szerver URI-ja"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr "Alapértelmezett LDAP alap-DN-je"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Az LDAP szerveren használt séma-típus, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr "Az alapértelmezett bind DN"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "A kapcsolódási próbálkozás időtartama"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr "A CA tanusítványokat tartalmazó fájl"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "TLS tanusítvány ellenőrzése"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "TLS megkövetelése ID keresésekor"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "GECOS attribútum"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "Shell attribútum"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Teljes név"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "memberOf attribútum"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr "Csoport neve"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr "Csoport jelszava"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+msgid "The LDAP group external member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Alapértelmezett shell, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "Időbélyegek a hibakeresési kimenetben"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr "Mikroszekundum pontosságú időbélyegek"
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr "Az SSSD nem root-ként fut."
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr "Hiba lépett fel, de nem érhetőek el részletek."
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Szerver üzenete:"
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "A jelszavak nem egyeznek"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr "A jelszó root általi visszaállítása nem támogatott."
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr "Azonosítva gyorsítótárazott adatbázisból"
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ", a gyorsítótárazott jelszó lejár ekkor: "
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr "A bejelentkezés tiltott eddig:"
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "A rendszer nem érhető el, a jelszó megváltoztatása nem lehetséges"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "A jelszó megváltoztatása nem sikerült."
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Új jelszó:"
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Jelszó mégegyszer: "
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Jelszó: "
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Jelenlegi jelszó:"
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "A jelszava lejárt, változtass meg most."
@@ -1423,7 +1467,7 @@ msgstr "A jelszava lejárt, változtass meg most."
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1436,7 +1480,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr ""
@@ -1868,88 +1912,96 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Tranzakcióhiba történt, a felhasználó nem módosítható.\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
+#: src/tools/sss_cache.c:644
+msgid "Invalidate all cached entries"
msgstr ""
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+msgid "Invalidate particular sudo rule"
+msgstr ""
+
+#: src/tools/sss_cache.c:677
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -1970,7 +2022,7 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Elfogyott a memória\n"
@@ -1979,14 +2031,10 @@ msgstr "Elfogyott a memória\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr ""
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
diff --git a/po/id.po b/po/id.po
index bc7822cf3..cffe98ef9 100644
--- a/po/id.po
+++ b/po/id.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Indonesian (http://www.transifex.com/projects/p/sssd/language/"
@@ -17,1400 +17,1443 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "Mengatur verbosity dari pencatatan debug"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "Sertakan cap waktu di pencatatan debug"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "Menulis pesan debug ke berkas log"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "Perintah untuk memulai layanan"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr "Jumlah usaha yang dilakukan untuk mencoba koneksi ke Penyedia Data"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "Layanan SSSD akan dijalankan"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "Domain SSSD akan dijalankan"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "Membutuhkan verifikasi sertifikat TLS"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+msgid "Files negative cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "Pengguna yang diabaikan secara eksplisit oleh SSSD"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grup yang diabaikan secara eksplisit oleh SSSD"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "Haruskah pengguna yang disaring muncul dalam grup"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr "Nilai kolom kata sandi yang harus dikembalikan oleh penyedia NSS"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
msgid "Path to storage of trusted CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Penyedia identitas"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Penyedia otentikasi"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Penyedia kontrol akses"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Penyedia pengubah kata sandi"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "ID pengguna minimum"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "ID pengguna maksimum"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "Domain IPA"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "Alamat server IPA"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "Nama host klien IPA"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Alamat server Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Realm Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI server LDAP"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "Lamanya waktu untuk mencoba koneksi"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "Membutuhkan verifikasi sertifikat TLS"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "Tentukan mekanisme sasl yang digunakan"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "Tentukan id otorisasi sasl yang digunakan"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr "Keytab layanan Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr "Lingkup pencarian pengguna"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr "Filter pencarian pengguna"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr "Objectclass untuk pengguna"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "Atribut UID"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr "Atribut GID Primer"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "Atribut GECOS"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr "Atribut direktori Home"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "Atribut Shell"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr "Atribut utama pengguna (untuk Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Nama Lengkap"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "Atribut memberOf"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr "Atribut waktu modifikasi"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+msgid "The LDAP group external member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Shell default, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Pesan server:"
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Kata sandi tidak cocok"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "Sistem sedang luring, perubahan kata sandi tidak dimungkinkan"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Perubahan kata sandi gagal."
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Kata Sandi Baru: "
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Masukkan lagi kata sandi baru:"
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Kata sandi:"
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Kata sandi saat ini:"
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr ""
@@ -1419,7 +1462,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1432,7 +1475,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr ""
@@ -1876,88 +1919,96 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Kesalahan transaksi. Pengguna tidak dapat dimodifikasi.\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
+#: src/tools/sss_cache.c:644
+msgid "Invalidate all cached entries"
msgstr ""
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+msgid "Invalidate particular sudo rule"
+msgstr ""
+
+#: src/tools/sss_cache.c:677
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -1978,7 +2029,7 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Kehabisan memori\n"
@@ -1987,14 +2038,10 @@ msgstr "Kehabisan memori\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr ""
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
diff --git a/po/it.po b/po/it.po
index fdcf2bab4..d77c9fb79 100644
--- a/po/it.po
+++ b/po/it.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Italian (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,162 +18,177 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "Imposta il livello di dettaglio dei messaggi di debug"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "Includi i timestamp nei log"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "Scrivere i messaggi di debug nei file di log"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr "Timeout di ping per il riavvio del servizio"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "Comando per avviare il servizio"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr "Numero di tentativi di connessione ai data providers"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "Avvio dei servizi SSSD"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "Avvio dei domini SSSD"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "Timeout dei messaggi inviati sul SBUS"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr "Regex per il parsing di nome utente e dominio"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Formato compatibile con printf per la visualizzazione di nomi completi"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "Richiedere la verifica del certificato TLS"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr "Durata timeout per la cache enumeration (secondi)"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr "Durata timeout aggiornamento cache in background (secondi)"
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr "Durata timeout negative cache (secondi)"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+#, fuzzy
+msgid "Files negative cache timeout length (seconds)"
+msgstr "Durata timeout negative cache (secondi)"
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "Utenti che SSSD dovrebbe ignorare esplicitamente"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "Gruppi che SSSD dovrebbe ignorare esplicitamente"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "Specifica se mostrare gli utenti filtrati nei gruppi"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr ""
"Il valore del campo password che deve essere ritornato dal provider NSS"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr "Per quanto tempo accettare login in cache tra login online (giorni)"
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr "Numero di tentativi di login falliti quando offline"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -181,1248 +196,1277 @@ msgstr ""
"Per quanto tempo (minuti) negare i tentativi di login dopo che "
"offline_failed_login_attemps è stato raggiunto"
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
#, fuzzy
msgid "Path to storage of trusted CA certificates"
msgstr "File contenente i certificati CA"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Provider di identità"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Provider di autenticazione"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Provider di access control"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Provider di cambio password"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "ID utente minimo"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "ID utente massimo"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr "Consentire l'enumerazione di tutti gli utenti/gruppi"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "Salvare in cache le credenziali per login offline"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "Salvare gli hash delle password"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr "Mostrare utenti/gruppi in formato fully-qualified"
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr "Durata timeout elementi in cache (secondi)"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Restringere o preferire una specifica famiglia di indirizzi per l'esecuzione "
"di lookup DNS"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Per quanto tempo tenere in cache gli elementi dopo un login che ha avuto "
"successo (giorni)"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr "Il tempo di attesa per le richieste DNS (secondi)"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"L'interfaccia il cui indirizzo IP dovrebbe essere usato per aggiornamenti "
"DNS dinamici."
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "Dominio IPA"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "Indirizzo del server IPA"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "Hostname del client IPA"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr "Filtro LDAP per determinare i privilegi di accesso"
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Indirizzo del server Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Realm Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "Timeout di autenticazione"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr "Directory in cui salvare le credenziali"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr "Percorso della cache delle credenziali utente"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "Percorso del keytab per la validazione delle credenziali"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr "Abilita la validazione delle credenziali"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr "Intervallo di tempo tra due controlli di rinnovo"
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr "Abilita FAST"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Server dove viene eseguito il servizio di cambio password, se non nel KDC"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, l'indirizzo del server LDAP"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr "Il base DN predefinito"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Lo Schema Type utilizzato dal server LDAP, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr "Il bind DN predefinito"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr "Il tipo di token di autenticazione del bind DN predefinito"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr "Il token di autenticazione del bind DN predefinito"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "Durata del tentativo di connessione"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Durata del tentativo di esecuzione di operazioni LDAP sincrone"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr "Durata tra tentativi di riconnessione quando offline"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr "Usare solo maiuscole per i nomi dei realm"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr "File contenente i certificati CA"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr "Percorso della directory dei cerficati della CA"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr "File contenente il certificato client"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr "File contenente la chiave client"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr "Lista delle possibili cipher suite"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "Richiedere la verifica del certificato TLS"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "Specificare il meccanismo sasl da usare"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "Specificare l'id di autorizzazione sasl da usare"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr "Keytab del servizio Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr "Usare autorizzazione Kerberos per la connessione LDAP"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr "Seguire i referral LDAP"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr "Metodo di deferenziazione degli alias"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr "Durata attesa per le richieste di ricerca"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr "Durata tra gli aggiornamenti alle enumeration"
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr "Intervallo di tempo per la pulizia cache"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "Richiedere TLS per gli ID lookup"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr "Base DN per i lookup utente"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr "Ambito di applicazione dei lookup utente"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr "Filtro per i lookup utente"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr "Objectclass per gli utenti"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "Attributo UID"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr "Attributo del GID primario"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "Attributo GECOS"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr "Attributo della home directory"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "Attributo della shell"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr "Attributo user principal (per Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Nome completo"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "Attributo memberOf"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr "Attributo data di modifica"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+msgid "The LDAP group external member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr "Politica per controllare la scadenza della password"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "Lista separata da virgola degli utenti abilitati"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "Lista separata da virgola degli utenti non abilitati"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Shell predefinita, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr "Base delle home directory"
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr "Il nome della libreria NSS da usare"
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr "Stack PAM da usare"
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "Esegui come demone (default)"
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "Esegui interattivamente (non come demone)"
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Specificare un file di configurazione specifico"
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "Livello debug"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "Includi timestamp di debug"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr "Un descrittore di file aperto per l'output di debug"
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr "Dominio del provider di informazioni (obbligatorio)"
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr "Il socket privilegiato ha permessi o propritario non validi."
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr "Il socket pubblico ha permessi o propritario non validi."
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr "SSSD non è eseguito da root."
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Messaggio del server:"
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Le password non coincidono"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr "Autenticato con le credenziali nella cache"
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ", la password in cache scadrà il: "
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr "L'autenticazione verrà negata fino al: "
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "Il sistema è offline, non è possibile richiedere un cambio password"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Cambio password fallito."
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Nuova password: "
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Conferma nuova password: "
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Password: "
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Password corrente: "
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "Password scaduta. Cambiare la password ora."
@@ -1431,7 +1475,7 @@ msgstr "Password scaduta. Cambiare la password ora."
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Il livello di debug da utilizzare"
@@ -1444,7 +1488,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr "Errore di impostazione del locale\n"
@@ -1893,88 +1937,96 @@ msgstr "Impossibile modificare l'utente - utente già membro di gruppi?\n"
msgid "Transaction error. Could not modify user.\n"
msgstr "Errore nella transazione. Impossibile modificare l'utente.\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
+#: src/tools/sss_cache.c:644
+msgid "Invalidate all cached entries"
msgstr ""
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+msgid "Invalidate particular sudo rule"
+msgstr ""
+
+#: src/tools/sss_cache.c:677
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -1995,7 +2047,7 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Memoria esaurita\n"
@@ -2004,14 +2056,13 @@ msgstr "Memoria esaurita\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr "Redirigere l'output di debug su file anzichè stderr"
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
+
+#~ msgid "Send the debug output to files instead of stderr"
+#~ msgstr "Redirigere l'output di debug su file anzichè stderr"
diff --git a/po/ja.po b/po/ja.po
index 5e0bb46a7..13aeed256 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,70 +18,75 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "デバッグのロギングの冗長性を設定する"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "デバッグログにタイムスタンプを含める"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr "デバッグログにミリ秒単位のタイムスタンプを含める"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "デバッグメッセージをログファイルに書き込む"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr "サービス再起動前の Ping タイムアウト"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr "3 回 の ping チェック失敗とサービスの強制停止のタイムアウト間隔"
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "サービス開始のコマンド"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr "データプロバイダーの接続を試行する回数"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr "このレスポンダーににより開かれるファイル記述子の数"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr "クライアントの自動切断までのアイドル時間"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "開始する SSSD サービス"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "開始する SSSD ドメイン"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "SBUS 経由のメッセージ送信のタイムアウト"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr "ユーザー名とドメインを構文解析する正規表現"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "完全修飾名を表示するための printf 互換の形式"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -89,68 +94,78 @@ msgstr ""
"SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレ"
"クトリです。"
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr "domain 要素なしで追加するドメインの名前。"
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "TLS 証明書の検証を要求する"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr "列挙キャッシュのタイムアウト(秒)"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr "エントリーキャッシュのバックグラウンド更新のタイムアウト時間(秒)"
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr "ネガティブキャッシュのタイムアウト(秒)"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+#, fuzzy
+msgid "Files negative cache timeout length (seconds)"
+msgstr "ネガティブキャッシュのタイムアウト(秒)"
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "SSSD が明示的に無視するユーザー"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "SSSD が明示的に無視するグループ"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "フィルターされたユーザーをグループに表示する"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr "NSS プロバイダーが返すパスワード項目の値"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr "識別プロバイダーからのホームディレクトリーの値をこの値で上書きする"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
"アイデンティティプロバイダーからの空のホームディレクトリーをこの値で置き換え"
"ます"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr "アイデンティティプロバイダーからのシェル値をこの値で上書きします"
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr "ユーザーがログインを許可されるシェルの一覧"
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr "拒否されてフォールバックシェルで置き換えられるシェルの一覧"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -158,608 +173,633 @@ msgstr ""
"中央ディレクトリーに保存されたシェルが許可されるが、利用できない場合、この"
"フォールバックを使用する"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr "プロバイダーが一覧に持っていないとき使用するシェル"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr "メモリー内のキャッシュレコードが有効な期間"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr "オンラインログイン中にキャッシュによるログインが許容される期間(日数)"
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr "オフラインのときに許容されるログイン試行失敗回数"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr "offline_failed_login_attempts に達した後にログインを拒否する時間(分)"
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr "認証中にユーザーに表示されるメッセージの種類"
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr "PAM 要求に対してキャッシュされた認証情報を保持する秒数"
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr "警告が表示されるパスワード失効前の日数"
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr "sudo ルールにおいて時間による属性を評価するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr "known_hosts ファイルにおいてホスト名とアドレスをハッシュ化するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr "ホスト鍵が要求された後 known_hosts ファイルにホストを保持する秒数"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
#, fuzzy
msgid "Path to storage of trusted CA certificates"
msgstr "CA 証明書を含むファイル"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr "PAC レスポンダーへのアクセスが許可された UID またはユーザー名の一覧"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "アイデンティティプロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "認証プロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "アクセス制御プロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "パスワード変更プロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr "SUDO プロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr "Autofs プロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr "セッション読み込みプロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr "ホスト識別プロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "最小ユーザー ID"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "最大ユーザー ID"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr "すべてのユーザー・グループの列挙を有効にする"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "オフラインログインのためにクレディンシャルをキャッシュする"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "パスワードハッシュを保存する"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr "ユーザー・グループを完全修飾形式で表示する"
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr "グループ検索にグループメンバーを含めない"
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr "エントリーキャッシュのタイムアウト長(秒)"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr "DNS 検索を実行するときに特定のアドレスファミリーを制限または優先します"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr "最終ログイン成功時からキャッシュエントリーを保持する日数"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr "サーバーを名前解決するときに DNS から応答を待つ時間(秒)"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr "サービス検索 DNS クエリーのドメイン部分"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr "識別プロバイダーからの GID 値をこの値で上書きする"
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr "ユーザー名が大文字小文字を区別するよう取り扱う"
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr "期限切れのエントリーがバックグラウンドで更新される頻度"
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr "自動的にクライアントの DNS エントリーを更新するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr "クライアントの DNS 項目を更新後、適用する TTL"
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr "動的 DNS 更新のために使用される IP のインターフェース"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr "どのくらい定期的にクライアントの DNS エントリーを更新するか"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
"プロバイダーが同じように PTR レコードを明示的に更新する必要があるかどうか"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr "nsupdate ユーティリティが標準で TCP を使用するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr "DNS 更新を実行するために使用すべき認証の種類"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
#, fuzzy
msgid "Override the DNS server used to perform the DNS update"
msgstr "DNS 更新を実行するために使用すべき認証の種類"
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "IPA ドメイン"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "IPA サーバーのアドレス"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr "バックアップ IPA サーバーのアドレス"
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "IPA クライアントのホスト名"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr "FreeIPA にあるクライアントの DNS エントリーを自動的に更新するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr "HBAC 関連オブジェクトの検索ベース"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "IPA サーバーに対する HBAC ルールを検索している間の合計時間"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr "IPA サーバーに対する SELinux マップの検索の間の秒単位の合計時間"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr "もし偽に設定されていると、 PAM により渡されたホスト引数は無視されます"
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr "この IPA クライアントが使用している automounter の場所"
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr "IPA ドメインに関する情報を含むオブジェクトに対する検索ベース"
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr "ID 範囲に関する情報を含むオブジェクトに対する検索ベース"
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr "DNS サイトの有効化 - 位置にサービス探索"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr "Active Directory ドメイン"
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr "Active Directory サーバーアドレス"
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr "Active Directory バックアップサーバーのアドレス"
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr "Active Directory クライアントホスト名"
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr "アクセス権限を決めるための LDAP フィルター"
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Kerberos サーバーのアドレス"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr "Kerberos バックアップサーバーのアドレス"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Kerberos レルム"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "認証のタイムアウト"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr "kdcinfo ファイルを作成するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr "クレディンシャルのキャッシュを保存するディレクトリー"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr "ユーザーのクレディンシャルキャッシュの位置"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "クレディンシャルを検証するキーテーブルの場所"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr "クレディンシャルの検証を有効にする"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr "後からオンライン認証するためにオフラインの場合にパスワードを保存します"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr "更新可能な TGT の有効期間"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr "TGT の有効期間"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr "更新を確認する間隔"
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr "FAST を有効にする"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr "FAST に使用するプリンシパルを選択する"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr "プリンシパル正規化を有効にする"
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr "エンタープライズ・プリンシパルの有効化"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr "KDC になければ、パスワード変更サービスが実行されているサーバー"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, LDAP サーバーの URI"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, LDAP サーバーの URI"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr "デフォルトのベース DN"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "LDAP サーバーにおいて使用中のスキーマ形式, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr "デフォルトのバインド DN"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr "デフォルトのバインド DN の認証トークンの種類"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr "デフォルトのバインド DN の認証トークン"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "接続を試行する時間"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "LDAP 同期操作を試行する時間"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr "オフラインの間に再接続を試行する時間"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr "レルム名に対して大文字のみを使用する"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr "CA 証明書を含むファイル"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr "CA 証明書のディレクトリーのパス"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr "クライアント証明書を含むファイル"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr "クライアントの鍵を含むファイル"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr "利用可能な暗号の一覧"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "TLS 証明書の検証を要求する"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "使用する SASL メカニズムを指定する"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "使用する SASL 認可 ID を指定する"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr "使用する SASL 認可レルムを指定する"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "LDAP SASL 認可の最小 SSF を指定する"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr "Kerberos サービスのキーテーブル"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr "LDAP 接続に対して Kerberos 認証を使用する"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr "LDAP リフェラルにしたがう"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr "LDAP 接続の TGT の有効期間"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr "エイリアスを参照解決する方法"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr "DNS サービス検索のサービス名"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr "単一の LDAP 問い合わせにおいて取得するレコード数"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr "完全な参照解決を引き起こすために欠けている必要があるメンバーの数"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -767,392 +807,401 @@ msgstr ""
"LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実行す"
"るかどうか"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr "entryUSN 属性"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr "lastUSN 属性"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr "LDAP サーバーを切断する前に接続を保持する時間"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr "LDAP ページング制御を無効化する"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr "Active Directory 範囲の取得の無効化"
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr "検索要求を待つ時間"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr "列挙の要求を待つ時間"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr "列挙の更新間隔"
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr "キャッシュをクリーンアップする間隔"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "ID 検索に TLS を要求する"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr "事前設定済み ID の代わりに objectSID の ID マッピングを使用します"
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr "ユーザー検索のベース DN"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr "ユーザー検索の範囲"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr "ユーザー検索のフィルター"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr "ユーザーのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr "ユーザー名の属性"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "UID の属性"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr "プライマリー GID の属性"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "GECOS の属性"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr "ホームディレクトリの属性"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "シェルの属性"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr "objectSID 属性"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr "ID マッピングの Active Directory プライマリーグループ属性"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr "ユーザープリンシパルの属性(Kerberos 用)"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "氏名"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "memberOf 属性"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr "変更日時の属性"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr "shadowLastChange 属性"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr "shadowMin 属性"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr "shadowMax 属性"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr "shadowWarning 属性"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr "shadowInactive 属性"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr "shadowExpire 属性"
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr "shadowFlag 属性"
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr "認可された PAM サービスを一覧化する属性"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr "認可されたサーバーホストを一覧化する属性"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr "krbLastPwdChange 属性"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr "krbPasswordExpiration 属性"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr "サーバー側パスワードポリシーが有効であることを意味する属性"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr "AD の accountExpires 属性"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr "AD の userAccountControl 属性"
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr "nsAccountLock 属性"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr "NDS の loginDisabled 属性"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr "NDS の loginExpirationTime 属性"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "NDS の loginAllowedTimeMap 属性"
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr "SSH 公開鍵の属性"
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr "グループ検索のベース DN"
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr "グループのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr "グループ名"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr "グループのパスワード"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr "GID 属性"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr "グループメンバー属性"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr "グループの変更日時の属性"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+#, fuzzy
+msgid "The LDAP group external member attribute"
+msgstr "ネットグループメンバーの属性"
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr "SSSd がしたがう最大入れ子レベル"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr "ネットグループ検索のベース DN"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr "ネットグループのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr "ネットグループ名"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr "ネットグループメンバーの属性"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr "ネットグループの三つ組の属性"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr "ネットグループの変更日時の属性"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr "サービス検索のベース DN"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr "サービスのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr "サービス名の属性"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr "サービスポートの属性"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr "サービスプロトコルの属性"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr "ID マッピングの下限"
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr "ID マッピングの上限"
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr "ID マッピングするとき、各スライスに対する ID の数"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr "ID マッピングに対する autorid 互換アルゴリズムを使用します"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr "ID マッピングに対するデフォルトドメインの名前"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr "ID マッピングに対するデフォルトドメインの SID"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "グループ検索のために LDAP_MATCHING_RULE_IN_CHAIN を使用します"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr "初期グループの検索のために LDAP_MATCHING_RULE_IN_CHAIN を使用します"
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr "LDAP サーバーから許可される ID の下限の設定"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr "LDAP サーバーから許可される ID の上限の設定"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr "パスワード失効の評価のポリシー"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr "どの属性がアカウントが失効しているかを評価するために使用されるか"
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr "どのルールがアクセス制御を評価するために使用されるか"
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr "パスワードの変更が許可される LDAP サーバーの URI"
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr "パスワードの変更が許可されるバックアップ LDAP サーバーの URI"
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr "LDAP パスワードの変更サーバーの DNS サービス名"
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr "パスワード変更後 ldap_user_shadow_last_change 属性を更新するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr "sudo ルール検索のベース DN"
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr "自動的な完全更新間隔"
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr "自動的なスマート更新間隔"
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
"ホスト名、IP アドレスおよびネットワークによるフィルタールールを使用するかどう"
"か"
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -1160,275 +1209,271 @@ msgstr ""
"sudo ルールをフィルターするこのマシンのホスト名および/または完全修飾ドメイン"
"名"
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"sudo ルールをフィルターするこのマシンの IPv4 または IPv6 アドレスまたはネット"
"ワーク"
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr "ホスト属性にネットワークグループを含むルールを含めるかどうか"
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr "ホスト属性に正規表現を含むルールを含めるかどうか"
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr "sudo ルールのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr "sudo ルール名"
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr "sudo ルールのコマンドの属性"
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr "sudo ルールのホストの属性"
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr "sudo ルールのユーザーの属性"
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr "sudo ルールのオプションの属性"
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr "sudo ルールの runasuser の属性"
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr "sudo ルールの runasgroup の属性"
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr "sudo ルールの notbefore の属性"
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr "sudo ルールの notafter の属性"
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr "sudo ルールの order の属性"
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr "automounter マップのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr "オートマウントのマップ名の属性"
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr "automounter マップエントリーのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr "automounter マップエントリーのキー属性"
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr "automounter マップエントリーの値属性"
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr "automonter のマップ検索のベース DN"
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "許可ユーザーのカンマ区切り一覧"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "禁止ユーザーのカンマ区切り一覧"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "デフォルトのシェル, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr "ホームディレクトリーのベース"
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr "使用する NSS ライブラリーの名前"
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr "可能ならばキャッシュから正規化されたグループ名を検索するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr "使用する PAM スタック"
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "デーモンとして実行(デフォルト)"
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "対話的に実行(デーモンではない)"
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "非標準の設定ファイルの指定"
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr "バージョン番号を表示して終了する"
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "デバッグレベル"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "デバッグのタイムスタンプを追加する"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr "タイムスタンプをミリ秒単位で表示する"
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr "デバッグログのオープンファイルディスクリプター"
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr "情報プロバイダーのドメイン (必須)"
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr "特権ソケットの所有者またはパーミッションが誤っています。"
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr "公開ソケットの所有者またはパーミッションが誤っています。"
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr "サーバーのクレディンシャルメッセージの予期しない形式です。"
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr "SSSD は root により実行されません。"
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr "エラーが発生しましたが、説明がありませんでした。"
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr "エラーの説明を検索中に予期しないエラーが発生しました"
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "サーバーのメッセージ: "
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "パスワードが一致しません"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr "root によるパスワードのリセットはサポートされません。"
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr "キャッシュされているクレディンシャルを用いて認証されました"
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr "、キャッシュされたパスワードが失効します: "
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr "パスワードの期限が切れています。あと %1$d 回ログインできます。"
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr "あなたのパスワードは %1$d %2$s に危険が切れます。"
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr "次まで認証が拒否されます: "
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "システムがオフラインです、パスワード変更ができません"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "パスワードの変更に失敗しました。 "
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "新しいパスワード: "
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "新しいパスワードの再入力: "
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "パスワード: "
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "現在のパスワード: "
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "パスワードの期限が切れました。いますぐパスワードを変更してください。"
@@ -1437,7 +1482,7 @@ msgstr "パスワードの期限が切れました。いますぐパスワード
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "実行するデバッグレベル"
@@ -1450,7 +1495,7 @@ msgstr "使用する SSSD ドメイン"
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr "ロケールの設定中にエラーが発生しました\n"
@@ -1908,81 +1953,92 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "トランザクションエラー。ユーザーを変更できませんでした。\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr "指定された検索に一致するキャッシュオブジェクトがありません\n"
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
-msgstr ""
+#: src/tools/sss_cache.c:644
+#, fuzzy
+msgid "Invalidate all cached entries"
+msgstr "すべてのサービスの無効化"
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr "特定のユーザーを無効にする"
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr "すべてのユーザーを無効にする"
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr "特定のグループを無効にする"
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr "すべてのグループを無効にする"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr "特定のネットワークグループを無効にする"
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr "すべてのネットワークグループを無効にする"
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr "特定のサービスの無効化"
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr "すべてのサービスの無効化"
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr "特定の autofs マップの無効化"
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr "すべての autofs マップの無効化"
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+#, fuzzy
+msgid "Invalidate particular sudo rule"
+msgstr "特定のユーザーを無効にする"
+
+#: src/tools/sss_cache.c:677
+#, fuzzy
+msgid "Invalidate all cached sudo rules"
+msgstr "すべてのユーザーを無効にする"
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr "特定のドメインのみからエントリーを無効にする"
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr "無効化するオブジェクトを少なくとも一つ選択してください\n"
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
@@ -1991,7 +2047,7 @@ msgstr ""
"ドメイン %1$s を開けませんでした。ドメインがサブドメイン (信頼済みドメイン) "
"であれば、--domain/-d パラメーターの代わりに完全修飾名を使用してください。\n"
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr "利用可能なドメインを開けませんでした\n"
@@ -2013,7 +2069,7 @@ msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
"名前 '%1$s' が FQDN であるように見えません ('%2$s = TRUE' が設定されます)\n"
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "メモリー不足\n"
@@ -2022,14 +2078,13 @@ msgstr "メモリー不足\n"
msgid "%1$s must be run as root\n"
msgstr "%1$s は root として実行する必要があります\n"
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr "デバッグ出力を標準エラーの代わりにファイルに送信する"
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
+
+#~ msgid "Send the debug output to files instead of stderr"
+#~ msgstr "デバッグ出力を標準エラーの代わりにファイルに送信する"
diff --git a/po/nb.po b/po/nb.po
index 76e0b1b52..fa27ac5fc 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/sssd/"
@@ -18,1400 +18,1442 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "SSSD-tjenester som skal startes"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "SSSD-domener som skal startes"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "Tidsavbrudd for meldinger som sendes over SBUS"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+msgid "Tune certificate verification"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+msgid "Files negative cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
msgid "Path to storage of trusted CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Identitetstilbyder"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Autentiseringstilbyder"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Tilgangskontrolltilbyder"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Passordbyttetilbyder"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "Minste bruker-ID"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "Største bruker-ID"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "IPA-domene"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "IPA-tjeneradresse"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "Vertsnavn for IPA-klient"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Tjeneradresse for Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Kerberos-område"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "Tidsavbrudd for autentisering"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+msgid "The LDAP group external member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr ""
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr ""
@@ -1420,7 +1462,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1433,7 +1475,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr ""
@@ -1863,88 +1905,96 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
+#: src/tools/sss_cache.c:644
+msgid "Invalidate all cached entries"
msgstr ""
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+msgid "Invalidate particular sudo rule"
+msgstr ""
+
+#: src/tools/sss_cache.c:677
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -1965,7 +2015,7 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr ""
@@ -1974,14 +2024,10 @@ msgstr ""
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr ""
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
diff --git a/po/nl.po b/po/nl.po
index cb4ac757b..d0b6b85a0 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -13,7 +13,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
@@ -23,73 +23,78 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "Stel de verbositeit van de debug statements in"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "Neem tijdstempels op in de debug logs"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr "Voeg microseconden aan tijdstempel is debug log"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "Schrijf debug berichten naar logbestanden"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr "Ping timeout voordat service herstart is"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
"Time-out tussen drie mislukte ping checks en de service dwingend te stoppen "
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "Commando om service te starten"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr "Aantal pogingen naar de Data Providers te verbinden"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
"Het aantal bestand descriptors die door deze beantwoorder geopend mogen "
"worden"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr "Duur van inactiviteit voor het automatisch loskoppelen van een cliënt"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "SSSD Services die gestart moeten worden"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "SSSD Domeinen die gestart moeten worden"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "Timeout voor berichten die over SBUS worden verzonden"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr "Reguliere expressie om gebruikersnamen en domeinen te ontleden"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Printf-compatibel formaat voor het tonen van namen in volledige vorm"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -97,70 +102,80 @@ msgstr ""
"Map in het bestandssysteem waarin SSSD Kerberos replay cache bestanden moet "
"opslaan."
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr "Domein toe te voegen aan namen zonder een domein component."
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "Vereis verificatie van het TLS-certificaat"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr "Enumeratie cache timeout duur (in seconden)"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr "Entry cache achtergrond update timeout duur (in seconden)"
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr "Negatieve cache timeout duur (in seconden)"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+#, fuzzy
+msgid "Files negative cache timeout length (seconds)"
+msgstr "Negatieve cache timeout duur (in seconden)"
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "Gebruikers die SSSD expliciet dient te negeren"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "Groepen die SSSD expliciet dient te negeren"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "Dienen gefilterde gebruikers zichtbaar te zijn in groepen"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr "De waarde van het wachtwoordveld die de NSS aanbieder terug moet geven"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
"Overschrijf homedir waarde van de identiteit aanbieder met deze waarde "
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
"Vervang lege persoonlijke map waarde van de eindentiteitsaanbieder met deze "
"waarde"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr "Overschrijf shell waarde van identiteit provider met deze waarde"
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr "De lijst van shells waarmee ingelogd kan worden"
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
"De lijst van shells die verboden zijn, en vervangen door de fallback shell"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -168,27 +183,27 @@ msgstr ""
"Als een shell opgeslagen in de centrale map toegestaan is, maar niet "
"beschikbaar, gebruik dan deze"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr "Te gebruiken shell als de aanbieder er geen aangeeft "
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr "Hoe lang zullen cache records in het geheugen geldig blijven"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr "Hoe lang zijn cached logins toegestaan tussen online logins (in dagen)"
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr "Hoe veel mislukte inlogpogingen zijn toegestaan in offline-modus"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -196,54 +211,66 @@ msgstr ""
"Hoe lang (in minuten) logins weigeren nadat offline_failed_login_attempts is "
"bereikt"
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
"Welke boodschappen worden aan de gebruiker getoond tijdens authenticatie"
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Hoeveel seconden moet de identiteit informatie in cache opgeslagen worden "
"voor PAN aanvragen"
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
"Hoeveel dagen voor het verlopen van het wachtwoord moet een waarschuwing "
"getoond worden"
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
"Of de tijd-gebaseerde attributen in sudo regels moeten worden geëvalueerd"
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
"Moeten host namen en adressen gehashd worden in het known_hosts bestand"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
@@ -251,220 +278,224 @@ msgstr ""
"Hoeveel seconden moet een host in het known_hosts bestand blijven nadat de "
"host sleutels ervan werden aangevraagd"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
#, fuzzy
msgid "Path to storage of trusted CA certificates"
msgstr "Bestand dat de bekende CA-certificaten bevat"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
"Lijst met UID's of gebruikersnamen waarvoor toegang tot de PAC responder "
"toegestaan is"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Identiteitaanbieder"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Authentiecatieaanbieder"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Toegangscontroleaanbieder"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Wachtwoordwijzigingsaanbieder"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr "SUDO provider"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr "Autofs provider"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr "Session-loading provider"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr "Host identity provider"
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "Minimum gebruiker ID"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "Maximum gebruiker ID"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr "Schakel enumeratie van alle gebruikers/groepen"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "Cache inloggegevens voor offline gebruik"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "Sla vingerafdrukken van wachtwoorden op"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr "Laat gebruikers/groepen in volledige vorm zien"
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr "Neem groepsleden niet mee in groep zoekacties"
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr "Entry cache timeout duur (in seconden)"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Beperk of geef de voorkeur aan een specifieke adresfamilie wanneer er DNS-"
"lookups uitgevoerd worden"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Hoe lang blijven gegevens opgeslagen na een succesvolle login (in dagen)"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Hoe lang te wachten op antwoord van de DSN bij het opzoeken van servers (in "
"seconden)"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr "Het domeingedeelte van DNS queries die service discovery uitvoeren"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr "Overschrijf GID waarde van de identiteit aanbieder met deze waarde"
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr "Behandel gebruikersnamen als hoofdlettergevoelig"
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr "Hoe vaak moeten verlopen ingangen op de achtergrond ververst worden"
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr "Of de DNS ingang van de cliënt automatisch vernieuwd moet worden"
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
"De TTL die toegepast moet worden op de DNS ingang van de cliënt na het "
"vernieuwen hiervan"
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"De adapter wiens IP-adres gebruikt moet worden voor het dynamisch bijwerken "
"van de DNS"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr "Hoe vaak de DNS ingang van de client periodiek vernieuwd moet worden"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr "Of de provider ook de PTR record expliciet moet vernieuwen"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr "Of het nsupdate hulpprogramma standaard TCP moet gebruiken"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
"Welke soort authenticatie moet gebruikt worden om de DNS vernieuwing uit te "
"voeren"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
#, fuzzy
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
"Welke soort authenticatie moet gebruikt worden om de DNS vernieuwing uit te "
"voeren"
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "IPA-domein"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "IPA-serveradres"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr "Adres van back-up IPA server"
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "IPA-clienthostname"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Of de DNS-gegevens van de client automatisch bijgewerkt moeten worden in "
"FreeIPA"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr "Zoek basis voor HBAC gerelateerde objecten"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "De tijdsduur tussen het opzoeken van HBAC regels voor de IPA server"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
@@ -472,343 +503,352 @@ msgstr ""
"De tijdsduur in seconden tussen zoekopdrachten in de SELinux mappen voor de "
"IPA server"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Als dit op false ingesteld is, wordt het host argument gegeven door PAM "
"genegeerd"
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr "De automounter locatie die door deze IPA client wordt gebruikt"
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr "Zoek in base voor object die info over IPA domein bevat "
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr "Zoek in base voor objecten die info over ID bereiken bevat"
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr "Zet DNS sites aan - locatie gebaseerde service ontdekking"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr "Active Directory domein"
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr "Active Directory server adres"
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr "Active Directory back-up server adres"
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr "Active Directory cliënt hostnaam"
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr "LDAP-filter om toegangsprivileges mee te bepalen"
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Kerberos-serveradres"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr "Kerberos back-up server adres"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Kerberos-rijk"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "Authenticatie timeout"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr "Moeten kdcinfo bestanden aangemaakt worden"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr "Werkmap waar authenticatiegegevens opgeslagen worden"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr "Locatie van de authenticatiecache van de gebruiker"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "Locatie van de keytab om authenticatiegegevens te valideren"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr "Schakel authenticatiegegevensvalidatie in"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
"Sla het wachtwoord op indien offline voor later gebruik bij online "
"authenticatie"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr "Vernieuwbare levensduur van de TGT"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr "Levensduur van de TGT"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr "Tijd tussen twee checks voor vernieuwing"
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr "Zet FAST aan"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr "Selecteert de hoofdpersoon te gebruiken voor FAST "
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr "Zet hoofdpersoon sanctioneren aan"
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr "Zet enterprise principals aan"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Server waar het wachtwoord wijzigingsservice draait indien niet op de KDC"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, de URI van de LDAP server"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, De URI van de LDAP server"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr "De standaard base DN"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Het schema type wat gebruikt wordt op de LDAP server, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr "De standaard bind DN"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr "Het type authenticatietoken van de standaard bind DN"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr "Het authenticatietoken van de standaard bind DN"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "Hoe lang pogen te verbinden"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Hoe lang proberen synchroon LDAP te benaderen"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Duur tussen pogingen om de verbinding opnieuw tot stand te brengen tijdens "
"offline zijn"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr "Gebruik alleen hoofdletters voor gebiedsnamen"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr "Bestand dat de bekende CA-certificaten bevat"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr "Pad naar de CA-certificatenmap"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr "Bestand dat het client certificaat bevat"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr "Bestand dat de client sleutel bevat"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr "Lijst van mogelijke sleutel suites"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "Vereis verificatie van het TLS-certificaat"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "Geef het SASL-mechanisme op wat gebruikt moet worden"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "Geef het SASL-authorisatie-ID op wat gebruikt moet worden"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr "Specificeer het te gebruiken sasl autorisatiegebied "
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr "Kerberos service keytab"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr "Gebruik Kerberos authenticatie voor LDAP-connectie"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr "Volg LDAP-doorverwijzingen"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr "Levensduur van TGT voor LDAP-connectie"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr "Hoe moet de alias referentie verwijderd worden"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr "Service naam voor DNS service opzoeken"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
"Het aantal records dat opgehaald moet worden met een enkele LDAP bevraging"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"Het aantal leden van moet ontbreken om een volledige de-referentie te "
"veroorzaken"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -816,374 +856,383 @@ msgstr ""
"Moet de LDAP bibliotheek omgekeerd opzoeken uitvoeren om de hostnaam te "
"autoriseren tijdens een SASL binding"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr "entryUSN attribuut"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr "lastUSN attribuut"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
"Hoe lang een verbinding met de LDAP server gebouden moet blijven voordat het "
"losgekoppeld wordt"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr "Het LDAP paging besturingselement uitschakelen"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr "Zet Active Directory bereik opvragen uit"
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr "Tijd om te wachten op een zoekopdracht"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr "Tijdsduur te wachten voor een opsommingsverzoek"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr "Tijd om te wachten tussen enumeratie-updates"
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr "Tijdsduur tussen cache opschoningen"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "Vereis TLS voor het opzoeken van ID's"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr "Gebruik ID-mapping van objectSID gebruiken in plaats van pre-set ID's"
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr "Base DN voor het opzoeken van gebruikers"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr "Scope voor het opzoeken van gebruikers"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr "Filter voor het opzoeken van gebruikers"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr "Objectclass voor gebruikers"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr "Username-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "UID-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr "Primair GID-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "GECOS-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr "Gebruikersmap-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "Shell-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr "objectSID attribuut"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr "Active Directory primaire groep attribuut voor ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr "Userprincipal-attribuut (voor Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Volledige naam"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "memberOf-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr "Modification time-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr "shadowLastChange attribuut"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr "shadowMin attribuut"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr "shadowMax attribuut"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr "shadowWarning attribuut"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr "shadowInactive attribuut"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr "shadowExpire attribuut"
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr "shadowFlag attribuut"
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr "Attribuut voor tonen van geautoriseerde PAM services"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr "Attribuut dat geautoriseerde server hosts toont"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr "krbLastPwdChange attribuut"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr "krbPasswordExpiration attribuut"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr "Attribuut welke aangeeft dat wachtwoordtactiek op de server actief is"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr "accountExpires attribuut van AD"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr "userAccountControl attribuut van AD"
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr "nsAccountLock attribuut"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr "loginDisabled attribuut van NDS"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr "loginExpirationTime attribuut van NDS"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "loginAllowedTimeMap attribuut van NDS"
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr "SSH publieke sleutel attribuut"
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr "Basis DN voor groep opzoeken"
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr "Objectklasse voor groepen"
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr "Groepsnaam"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr "Groep wachtwoord"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr "GID attribuut"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr "Groep deelnemer attribuut"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr "Verandertijd attribuut voor groepen"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+#, fuzzy
+msgid "The LDAP group external member attribute"
+msgstr "Netgroep leden attribuut"
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr "Maximale nest niveau dat SSSd zal volgen"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr "Basis DN voor netgroep opzoeken"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr "Objectklasse voor netgroepen"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr "Netgroep naam"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr "Netgroep leden attribuut"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr "Netgroep triple attibuut"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr "Verandertijd attribuut voor netgroepen"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr "Basis DN voor service lookups"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr "Objectclass voor services"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr "Service naam attribuut"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr "Service port attribuut"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr "Service protocol attribuut"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr "Ondergrens voor ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr "Bovengrens voor ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr "Aantal ID's voor elk segment bij ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr "Gebruik autorid-compatibel algoritme voor ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr "Naam van het standaard domein voor ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr "SID van het standaard domein voor ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "Gebruik LDAP_MATCHING_RULE_IN_CHAIN voor groep opzoeken"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr "Gebruik LDAP_MATCHING_RULE_IN_CHAIN voor initgroep opzoeken"
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr "Laagste grens instellen voor toegestane id's van de LDAP-server"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr "Hoogste grens instellen voor toegestane id's van de LDAP-server"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr "Policy om wacthwoordverloop mee te evalueren"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
"Welke attributen worden gebruikt voor evaluatie als het account verlopen is"
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
"Welke regels moeten gebruikt worden voor de evaluatie van toegangscontrole"
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
"URI van een LDAP server waarop wachtwoord veranderingen toegestaan zijn"
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
"URI van een back-up LDAP server waar wachtwoord veranderingen toegestaan zijn"
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr "DNS service naam voor LDAP wachtwoord verander server"
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
@@ -1191,23 +1240,23 @@ msgstr ""
"Moet het ldap_user_shadow_last_change attribuut vernieuwd worden na een "
"wachtwoordwijziging"
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr "Basis DN voor sudo regels lookups"
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr "Automatische volledige ververs periode"
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr "Automatische slimme ververs periode"
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr "Moeten regels gefilterd worden volgens hostnaam, IP adres en netwerk"
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -1215,280 +1264,276 @@ msgstr ""
"Hostnamen en/of volledig gekwalificeerde domeinnamen van deze machine voor "
"het filteren van sudo regels"
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"IPv4 of IPv6 adressen of netwerk van deze machine voor het filteren van sudo "
"regels"
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
"Moeten regels toegevoegd worden die netgroep bevatten in host attribuut "
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
"Moeten regels toegevoegd worden die regulaire expressie bevatten in host "
"attribuut "
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr "Objectklasse voor sudo regels"
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr "Sudo regelnaam"
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr "Sudo regel opdracht attribuut"
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr "Sudo regel host attribuut"
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr "Sudo regel gebruiker attribuut"
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr "Sudo regel optie attribuut"
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr "Sudo regel runasuser attribuut"
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr "Sudo regel runasgroup attribuut"
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr "Sudo regel notbefore attribuut"
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr "Sudo regel notafter attribuut"
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr "Sudo regel volgorde attribuut"
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr "Object class voor automounter maps"
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr "Automounter map naam attribuut"
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr "Objectklasse voor automounter map ingaven"
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr "Automounter map sleutel ingave attribuut"
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr "Automounter map ingavewaarde attribuut"
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr "Basis DN voor automounter kaart opzoeken"
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "Kommagescheiden lijst van toegestane gebruikers"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "Kommagescheiden lijst van geweigerde gebruikers"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Standaard shell, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr "Basis voor gebruikersmappen"
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr "De naam van de NSS-bibliotheek die gebruikt wordt"
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr "Moet indien mogelijk canonieke groepsnaam in cache opgezocht worden "
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr "PAM-stack die gebruikt wordt"
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "Start in de achtergrond (standaard)"
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "Start interactief (standaard)"
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Geef een niet-standaard configuratiebestand op"
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr "Print versie nummer en sluit af"
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "Debug niveau"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "Voeg tijdstempels toe aan debugberichten"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr "Toon tijdstempel met microseconden"
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr "Een geopend bestand voor de debug logs"
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr "Domein voor de informatie provider (verplicht)"
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr "Socket met privileges heeft verkeerde rechten of eigendom."
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr "Publiek socket heeft verkeerde rechten of eigendom."
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr "Onverwacht formaat van het inloggegevensbericht van de server."
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr "SSSD wordt niet door root gestart."
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr ""
"Er is een fout opgetreden, maar er kan geen omschrijving gevonden worden."
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr "Onverwachtte fout bij het opzoeken van een omschrijving"
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Serverbericht:"
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Wachtwoorden komen niet overeen"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr "Wachtwoorden als root wijzigen wordt niet ondersteund."
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr "Geauthenticeerd met gecachte inloggegevens."
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ", uw wachtwoord verloopt op:"
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
"Je wachtwoord is verlopen. Je hebt nog slechts %1$d login(s) beschikbaar."
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr "Je wachtwoord zal verlopen in %1$d %2$s."
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr "Inloggen wordt geweigerd tot:"
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "Systeem is offline, wachtwoord wijzigen niet mogelijk"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Wijzigen van wachtwoord mislukt."
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Nieuw Wachtwoord: "
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Voer nieuw wachtwoord nogmaals in: "
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Wachtwoord: "
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Huidig wachtwoord:"
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "Wachtwoord verlopen. Verander nu uw wachtwoord."
@@ -1497,7 +1542,7 @@ msgstr "Wachtwoord verlopen. Verander nu uw wachtwoord."
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Het debugniveau waarmee gestart wordt"
@@ -1510,7 +1555,7 @@ msgstr "Hrt te gebruiken SSSD domein"
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr "Fout bij het zetten van de locale\n"
@@ -1972,82 +2017,93 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Transactiefout. Kan de gebruiker niet aanpassen.\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
"Geen enkel cache object komt overeen met de gespecificeerde zoekopdracht\n"
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
-msgstr ""
+#: src/tools/sss_cache.c:644
+#, fuzzy
+msgid "Invalidate all cached entries"
+msgstr "Maak alle services ongeldig"
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr "Maak bepaalde gebruiker ongeldig"
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr "Maak alle gebruikers ongeldig"
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr "Maak bepaalde groep ongeldig"
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr "Maak alle groepen ongeldig"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr "Maak bepaalde netgroep ongeldig"
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr "Maak alle netgroepen ongeldig"
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr "Maak bepaalde service ongeldig "
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr "Maak alle services ongeldig"
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr "Maak bepaalde autofs map ongeldig"
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr "Maak alle autofs mappen ongeldig"
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+#, fuzzy
+msgid "Invalidate particular sudo rule"
+msgstr "Maak bepaalde gebruiker ongeldig"
+
+#: src/tools/sss_cache.c:677
+#, fuzzy
+msgid "Invalidate all cached sudo rules"
+msgstr "Maak alle gebruikers ongeldig"
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr "Maak alleen ingangen van een bepaald domein ongeldig"
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr "Selecteer tenminste een object om ongeldig te maken\n"
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
@@ -2057,7 +2113,7 @@ msgstr ""
"is, gebruik dan de volledig gekwalificeerde naam in plaats van --domain/-d "
"parameter.\n"
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr "Kon beschikbare domeinen niet openen\n"
@@ -2078,7 +2134,7 @@ msgstr "Er wordt slechts een argument verwacht\n"
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr "Naam '%1$s' lijkt geen FQDN ('%2$s = TRUE' is ingesteld) te zijn\n"
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Het geheugen zit vol\n"
@@ -2087,14 +2143,13 @@ msgstr "Het geheugen zit vol\n"
msgid "%1$s must be run as root\n"
msgstr "%1$s moet als root uitgevoerd worden\n"
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr "Stuur de debuguitvoer naar bestanden in plaats van stderr"
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
+
+#~ msgid "Send the debug output to files instead of stderr"
+#~ msgstr "Stuur de debuguitvoer naar bestanden in plaats van stderr"
diff --git a/po/pl.po b/po/pl.po
index 9fe2d4e13..e83072f5f 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -5,14 +5,14 @@
# Translators:
# Piotr Drąg <piotrdrag@gmail.com>, 2011-2014
# sgallagh <sgallagh@redhat.com>, 2011
-# Piotr Drąg <piotrdrag@gmail.com>, 2015. #zanata
+# Piotr Drąg <pdrag@aviary.pl>, 2015. #zanata
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2015-08-28 11:04-0400\n"
-"Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
+"Last-Translator: Piotr Drąg <pdrag@aviary.pl>\n"
"Language-Team: Polish (http://www.transifex.com/projects/p/sssd/language/"
"pl/)\n"
"Language: pl\n"
@@ -21,74 +21,79 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
"|| n%100>=20) ? 1 : 2);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "Ustawia liczbę komunikatów dziennika debugowania"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "Dołącza daty w dziennikach debugowania"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr "Dołączanie mikrosekund w datach w dziennikach debugowania"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "Zapisuje komunikaty debugowania do plików dziennika"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr "Czas oczekiwania na ping przed ponownym uruchomieniem usługi"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
"Czas oczekiwania między trzema sprawdzeniami ping i wymuszeniem zakończenia "
"usługi"
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "Polecenie do uruchomienia usługi"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr "Liczba prób połączenia do dostawców danych"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
"Liczba deskryptorów plików, które mogą być otwarte przez ten program "
"odpowiadający"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr "Czas bezczynności przed automatycznym rozłączeniem klienta"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "Usługi SSSD do uruchomienia"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "Domeny SSSD do uruchomienia"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "Czas oczekiwania na komunikaty wysyłane przez SBUS"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr "Wyrażenie regularne do przetworzenia nazwy użytkownika i domeny"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Format zgodny z printf do wyświetlania pełnych nazw"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -96,67 +101,77 @@ msgstr ""
"Katalog w systemie plików, w którym SSSD powinno przechowywać pliki pamięci "
"podręcznej odtwarzania Kerberosa."
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr "Domeny do dodania do nazw bez składnika domeny."
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr "Użytkownik, któremu porzucić uprawnienia"
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "Wymaga sprawdzenia certyfikatu TLS"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr "Czas oczekiwania pamięci podręcznej wyliczania (sekundy)"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr "Czas oczekiwania aktualizacji tła pamięci podręcznej wpisów (sekundy)"
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr "Ujemny czas oczekiwania pamięci podręcznej (sekundy)"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+#, fuzzy
+msgid "Files negative cache timeout length (seconds)"
+msgstr "Ujemny czas oczekiwania pamięci podręcznej (sekundy)"
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "Użytkownicy, którzy powinni być bezpośrednio ignorowani przez SSSD"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grupy, które powinny być bezpośrednio ignorowane przez SSSD"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "Czy filtrowani użytkownicy powinni pojawiać się w grupach"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr "Wartość pola hasła, jaką dostawca NSS powinien zwrócić"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr "Zastępuje wartość katalogu domowego z dostawcy tożsamości tą wartością"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
"Zastępuje pustą wartość katalogu domowego z dostawcy tożsamości tą wartością"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr "Zastępuje wartość powłoki od dostawcy tożsamości tą wartością"
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr "Lista powłok, za pomocą których użytkownicy mogą się logować"
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr "Lista powłok, które zostaną zawetowane i zastąpione powłoką zastępczą"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -164,30 +179,30 @@ msgstr ""
"Jeśli powłoka przechowywana w katalogu centralnym jest dozwolona, ale nie "
"jest dostępna, to zostanie użyta ta powłoka zastępcza"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr "Powłoka do użycia, jeśli dostawca nie dostarcza żadnej"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr "Jak długo wpisy pamięci podręcznej in-memory są prawidłowe"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
"Wszystkie spacji w nazwach grup i użytkowników zostaną zastąpione tym znakiem"
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Jak długo umożliwiać logowania w pamięci podręcznej między logowaniami w "
"trybie online (dni)"
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr "Ile nieudanych prób zalogowania jest dozwolonych w trybie offline"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -195,365 +210,382 @@ msgstr ""
"Ile czasu (minut) nie pozwalać na zalogowanie po osiągnięciu "
"offline_failed_login_attempts"
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
"Jaki rodzaj komunikatów wyświetlać użytkownikowi podczas uwierzytelniania"
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Ile sekund zatrzymać informacje o tożsamości w pamięci podręcznej dla żądań "
"PAM"
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr "Ile dni przed wygaśnięciem hasła wyświetlić ostrzeżenie"
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr "Lista zaufanych UID lub nazw użytkowników"
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr "Lista domen dostępnych także dla niezaufanych użytkowników."
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr "Komunikat wyświetlany po wygaśnięciu konta użytkownika."
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+#, fuzzy
+msgid "Message printed when user account is locked."
+msgstr "Komunikat wyświetlany po wygaśnięciu konta użytkownika."
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr "Określa, czy szacować atrybuty oparte na czasie w regułach sudo"
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr "Określa, czy mieszać nazwy komputerów i adresy w pliku known_hosts"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
"Ile sekund przechowywać komputer w pliku known_hosts po zażądaniu jego kluczy"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
#, fuzzy
msgid "Path to storage of trusted CA certificates"
msgstr "Plik zawierający certyfikaty CA"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
"Lista UID lub nazw użytkowników mających dostęp do programu odpowiadającego "
"PAC"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
"Lista UID lub nazw użytkowników mających dostęp do programu odpowiadającego "
"InfoPipe"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr "Lista atrybutów użytkownika, które InfoPipe może publikować"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Dostawca tożsamości"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Dostawca uwierzytelniania"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Dostawca kontroli dostępu"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Dostawca zmiany hasła"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr "Dostawca SUDO"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr "Dostawca Autofs"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr "Dostawca wczytywania sesji"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr "Dostawca tożsamości komputera"
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "Minimalny identyfikator użytkownika"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "Maksymalny identyfikator użytkownika"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr "Włącza wyliczanie wszystkich użytkowników/grup"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "Dane uwierzytelniające pamięci podręcznej dla logowań w trybie offline"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "Przechowuje mieszanie haseł"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr "Wyświetla użytkowników/grupy w pełnej formie"
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr "Bez dołączania członków grup w wyszukiwaniach grup"
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr "Czas oczekiwania pamięci podręcznej wpisów (sekundy)"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Ogranicza lub preferuje podaną rodzinę adresów podczas wykonywania "
"wyszukiwań DNS"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Jak długo utrzymywać wpisy logowania w pamięci podręcznej po ostatnim udanym "
"zalogowaniu (dni)"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Jak długo czekać na odpowiedzi od serwera DNS podczas rozwiązywania serwerów "
"(sekundy)"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr "Część domeny zapytania DNS wykrywania usługi"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr "Zastępuje wartość GID z dostawcy tożsamości tą wartością"
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr "Rozróżnianie wielkości liter w nazwach użytkowników"
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr "Jak często odświeżać w tle wygasłe wpisy"
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr "Czy automatycznie aktualizować wpis DNS klienta"
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr "TTL do zastosowania do wpisu DNS klienta po jego zaktualizowaniu"
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"Interfejs, którego adres IP powinien być używany do dynamicznych "
"aktualizacji DNS"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr "Jak często okresowo aktualizować wpis DNS klienta"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr "Określa, czy dostawca powinien aktualizować także wpis PTR"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr "Określa, czy narzędzie nsupdate powinno domyślnie używać portu TCP"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
"Jakiego rodzaju uwierzytelnianie powinno być używane do wykonywania "
"aktualizacji DNS"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
#, fuzzy
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
"Jakiego rodzaju uwierzytelnianie powinno być używane do wykonywania "
"aktualizacji DNS"
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr "Kontrola wyliczania zaufanych domen"
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr "Jak często odświeżać listę poddomen"
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr "Lista opcji dziedziczonych przez poddomenę"
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "Domena IPA"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "Adres serwera IPA"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr "Adres zapasowego serwera IPA"
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "Nazwa komputera klienta IPA"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Czy automatycznie aktualizować wpis DNS klienta w oprogramowaniu FreeIPA"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr "Podstawa wyszukiwania pod kątem obiektów związanych z HBAC"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "Czas między wyszukiwaniami reguł HBAC w serwerze IPA"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr "Czas w sekundach między wyszukiwaniami map SELinuksa w serwerze IPA"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Jeśli ustawiono na fałsz, to parametr komputera podany przez PAM zostanie "
"zignorowany"
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr "Położenie automountera, którego używa ten klient IPA"
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
"Podstawa wyszukiwania dla obiektów zawierających informacje o domenie IPA"
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
"Podstawa wyszukiwania dla obiektów zawierających informacje o zakresach "
"identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr "Włącza witryny DNS — wykrywanie usług w oparciu o położenie"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr "Podstawa wyszukiwania dla widoku kontenerów"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr "Klasa obiektu dla widoku kontenerów"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr "Atrybut z nazwą widoku"
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr "Klasa obiektu dla obiektów zastępowania"
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr "Atrybut z odniesieniem do pierwotnego obiektu"
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr "Klasa obiektu dla obiektów zastępowania użytkownika"
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr "Klasa obiektów dla obiektów zastępowania grup"
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr "Domena Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr "Adres serwera Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr "Adres zapasowego serwera Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr "Nazwa komputera klienta Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr "Filtr LDAP do określenia uprawnień dostępu"
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr "Czy używać Global Catalog do wyszukiwań"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr "Tryb działania dla kontroli dostępu opartej na GPO"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr "Czas między wyszukiwaniami plików polityki GPO w serwerze AD"
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
@@ -561,7 +593,7 @@ msgstr ""
"Nazwy usług PAM mapujących do ustawień polityki GPO "
"(Deny)InteractiveLogonRight"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
@@ -569,249 +601,258 @@ msgstr ""
"Nazwy usług PAM mapujących do ustawień polityki GPO "
"(Deny)RemoteInteractiveLogonRight"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
"Nazwy usług PAM mapujących do ustawień polityki GPO (Deny)NetworkLogonRight"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
"Nazwy usług PAM mapujących do ustawień polityki GPO (Deny)BatchLogonRight"
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
"Nazwy usług PAM mapujących do ustawień polityki GPO (Deny)ServiceLogonRight"
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
"Nazwy usług PAM, dla których zawsze udzielany jest dostęp oparty na GPO"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
"Nazwy usług PAM, dla których zawsze odmawiany jest dostęp oparty na GPO"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
"Domyślne uprawnienie logowania (lub zezwolenie/odmowa) do użycia dla "
"niemapowanych nazw usług PAM"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr "konkretna strona używana przez klienta"
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Adres serwera Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr "Adres zapasowego serwera Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Obszar Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "Czas oczekiwania na uwierzytelnienie"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr "Określa, czy tworzyć pliki kdcinfo"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr "Gdzie umieścić wstawki konfiguracji krb5"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr ""
"Katalog do przechowywania pamięci podręcznych danych uwierzytelniających"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr "Włącza sprawdzanie danych uwierzytelniających"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
"Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia w "
"trybie online"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr "Odnawialny czas trwania TGT"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr "Czas trwania TGT"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr "Czas między dwoma sprawdzaniami odnowy"
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr "Włącza FAST"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr "Wybiera naczelnika do użycia dla FAST"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr "Włącza ujednolicanie naczelnika"
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr "Włącza naczelników enterprise"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr "Mapa nazw użytkowników do nazw naczelników Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje "
"się w KDC"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, adres URI serwera LDAP"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, adres URI serwera LDAP"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr "Domyślna podstawowa DN"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr "Domyślne DN dowiązania"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr "Token uwierzytelniania domyślnego DN dowiązania"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "Czas do próby połączenia"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Czas do próby synchronicznych działań LDAP"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr "Czas między próbami ponownego połączenia w trybie offline"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr "Użycie tylko wielkich znaków w nazwach obszarów"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr "Plik zawierający certyfikaty CA"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr "Ścieżka do katalogu certyfikatów CA"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr "Plik zawierający certyfikat klienta"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr "Plik zawierający klucz klienta"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr "Lista możliwych zestawów szyfrów"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "Wymaga sprawdzenia certyfikatu TLS"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "Podaje używany mechanizm SASL"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "Podaje używany identyfikator upoważnienia SASL"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr "Podaje obszar upoważnienia SASL do użycia"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr "Tablica kluczy usługi Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr "Podąża za odsyłaniami LDAP"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr "Czas trwania TGT dla połączenia LDAP"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr "Jak wskazywać aliasy"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr "Nazwa usługi do wyszukiwań usługi DNS"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr "Liczba wpisów do pobrania w jednym zapytaniu LDAP"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr "Suma liczb, których musi brakować, aby wywołać pełne „deref”"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -819,372 +860,381 @@ msgstr ""
"Określa, czy biblioteka LDAP powinna wykonywać odwrotne wyszukanie, aby "
"ujednolicić nazwę komputera podczas dowiązania SASL"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr "Atrybut entryUSN"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr "Atrybut lastUSN"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr "Jak długo utrzymywać połączenie z serwerem LDAP przed rozłączeniem"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr "Wyłącza kontrolę stronicowania LDAP"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr "Wyłącza pobieranie zakresu Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr "Czas oczekiwania na żądanie wyszukiwania"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr "Czas oczekiwania na żądanie wyliczenia"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr "Czas między aktualizacjami wyliczania"
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr "Czas między czyszczeniem pamięci podręcznej"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "Wymaga TLS dla wyszukiwania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
"Używa mapowania identyfikatorów objectSID zamiast uprzednio ustawionych "
"identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr "Podstawowe DN dla wyszukiwania użytkowników"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr "Zakres wyszukiwania użytkowników"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr "Filtruje wyszukiwania użytkowników"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr "Klasa obiektów dla użytkowników"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr "Atrybut nazwy użytkownika"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "Atrybut UID"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr "Pierwszy atrybut GID"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "Atrybut GECOS"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr "Atrybut katalogu domowego"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "Atrybut powłoki"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr "Atrybut UUID"
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr "Atrybut objectSID"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr "Atrybut głównej grupy Active Directory dla mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr "Atrybut głównego użytkownika (dla Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Imię i nazwisko"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "Atrybut memberOf"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr "Atrybut czasu modyfikacji"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr "Atrybut shadowLastChange"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr "Atrybut shadowMin"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr "Atrybut shadowMax"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr "Atrybut shadowWarning"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr "Atrybut shadowInactive"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr "Atrybut shadowExpire"
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr "Atrybut shadowFlag"
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr "Atrybut zawierający listę upoważnionych usług PAM"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr "Atrybut zawierający listę upoważnionych komputerów serwerowych"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr "Atrybut krbLastPwdChange"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr "Atrybut krbPasswordExpiration"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr "Atrybut accountExpires AD"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr "Atrybut userAccountControl AD"
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr "Atrybut nsAccountLock"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr "Atrybut loginDisabled NDS"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr "Atrybut loginExpirationTime NDS"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "Atrybut loginAllowedTimeMap NDS"
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr "Atrybut klucza publicznego SSH"
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
"atrybut zawierający listę dozwolonych typów uwierzytelniania dla użytkownika"
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr "atrybut zawierający certyfikat X509 użytkownika"
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr "Lista dodatkowych atrybutów do pobrania razem z wpisem użytkownika"
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr "Podstawowe DN dla wyszukiwania grup"
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr "Klasa obiektów dla grup"
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr "Nazwa grupy"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr "Hasło grupy"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr "Atrybut GID"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr "Atrybut elementu grupy"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr "Atrybut UUID grupy"
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr "Atrybut czasu modyfikacji grup"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr "Typ grupy i inne flagi"
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+#, fuzzy
+msgid "The LDAP group external member attribute"
+msgstr "Atrybut elementów grupy sieciowej"
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr "Klasa obiektów dla grup sieciowych"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr "Nazwa grupy sieciowej"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr "Atrybut elementów grupy sieciowej"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr "Potrójny atrybut grupy sieciowej"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr "Atrybut czasu modyfikacji grup sieciowych"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr "Podstawowe DN do wyszukiwania usług"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr "Klasa obiektów dla usług"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr "Atrybut nazwy usługi"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr "Atrybut portu usługi"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr "Atrybut protokołu usługi"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr "Niższa granica dla mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr "Wyższa granica dla mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
"Liczba identyfikatorów dla każdego kawałka podczas mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr "Używa algorytmu zgodnego z autorid do mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr "Nazwa domyślnej domeny dla mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr "SID domyślnej domeny dla mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "Użycie LDAP_MATCHING_RULE_IN_CHAIN do wyszukiwania grup"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr "Użycie LDAP_MATCHING_RULE_IN_CHAIN do wyszukiwania grup inicjacyjnych"
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr "Czy używać Token-Groups"
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr "Ustawia dolną granicę dla dozwolonych identyfikatorów z serwera LDAP"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr "Ustawia górną granicę dla dozwolonych identyfikatorów z serwera LDAP"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr "DN dla zapytań polityki"
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr "Polityka do oszacowania wygaszenia hasła"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr "Które atrybuty powinny być używane do sprawdzenia, czy konto wygasło"
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr "Które reguły powinny być używane do sprawdzania kontroli dostępu"
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone"
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr "Adres URI zapasowego serwera LDAP, gdzie zmiany hasła są dozwolone"
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr "Nazwa usługi DNS serwera zmiany hasła LDAP"
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
@@ -1192,24 +1242,24 @@ msgstr ""
"Określa, czy zaktualizować atrybut ldap_user_shadow_last_change po zmianie "
"hasła"
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr "Podstawowe DN dla wyszukiwań reguł sudo"
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr "Okres między automatycznymi pełnymi odświeżeniami"
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr "Okres między automatycznymi inteligentnymi odświeżeniami"
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
"Określa, czy filtrować reguły według nazwy komputera, adresów IP i sieci"
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -1217,246 +1267,242 @@ msgstr ""
"Nazwy komputerów i/lub pełne kwalifikowane nazwy domen tego komputera do "
"filtrowania reguł sudo"
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"Adresy lub sieci IPv4 lub IPv6 tego komputera do filtrowania reguł sudo"
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
"Określa, czy zawierać reguły zawierające grupy sieciowe w atrybucie komputera"
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
"Określa, czy zawierać reguły zawierające wyrażenia regularne w atrybucie "
"komputera"
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr "Klasa obiektów dla reguł sudo"
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr "Nazwa reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr "Atrybut polecenia reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr "Atrybut komputera reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr "Atrybut użytkownika reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr "Atrybut opcji reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr "Atrybut runas reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr "Atrybut runasuser reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr "Atrybut runasgroup reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr "Atrybut notbefore reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr "Atrybut notafter reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr "Atrybut kolejności reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr "Klasa obiektów dla map automountera"
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr "Atrybut nazwy mapy automountera"
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr "Klasa obiektów dla wpisów map automountera"
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr "Atrybut klucza wpisu mapy automountera"
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr "Atrybut wartości wpisu mapy automountera"
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr "Podstawowe DN dla wyszukiwań map automountera"
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "Lista dozwolonych użytkowników oddzielonych przecinkami"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "Lista zabronionych użytkowników oddzielonych przecinkami"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Domyślna powłoka, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr "Podstawa katalogów domowych"
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr "Nazwa używanej biblioteki NSS"
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
"Określa, czy wyszukiwać kanoniczną nazwę grupy w pamięci podręcznej, jeśli "
"to możliwe"
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr "Używany stos PAM"
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "Uruchamia jako usługa (domyślnie)"
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "Uruchamia interaktywnie (nie jako usługa)"
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Podaje niedomyślny plik konfiguracji"
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr "Wyświetla numer wersji i kończy działanie"
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "Poziom debugowania"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "Dodaje czasy debugowania"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr "Wyświetlanie dat z mikrosekundami"
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr "Otwiera deskryptor pliku dla dzienników debugowania"
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
"Wysyła wyjście debugowania bezpośrednio do standardowego wyjścia błędów."
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr "Użytkownik, jako który utworzyć ccache FAST"
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr "Grupa, jako którą utworzyć ccache FAST"
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr "Domena dostawcy informacji (wymagane)"
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr "Uprawnione gniazdo posiada błędnego właściciela lub uprawnienia."
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr "Publiczne gniazdo posiada błędnego właściciela lub uprawnienia"
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr "Nieoczekiwany format komunikatu uwierzytelniającego serwera."
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr "SSSD nie zostało uruchomione w trybie roota."
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr "Wystąpił błąd, ale nie odnaleziono jego opisu."
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr "Nieoczekiwany błąd podczas wyszukiwania opisu błędu"
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr "Odmowa uprawnienia."
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Komunikat serwera: "
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Hasła się nie zgadzają"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr "Przywrócenie hasła przez użytkownika root nie jest obsługiwane."
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr "Uwierzytelniono za pomocą danych z pamięci podręcznej"
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ", hasło w pamięci podręcznej wygaśnie za: "
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr "Hasło wygasło. Pozostało %1$d możliwych logowań."
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr "Hasło wygaśnie za %1$d %2$s."
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr "Uwierzytelnianie jest zabronione do: "
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "System jest w trybie offline, zmiana hasła nie jest możliwa"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
@@ -1464,35 +1510,35 @@ msgstr ""
"Po zmianie hasła OTP należy się wylogować i zalogować ponownie, aby uzyskać "
"zgłoszenie"
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Zmiana hasła się nie powiodła. "
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Nowe hasło: "
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Proszę ponownie podać nowe hasło: "
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr "Pierwszy czynnik: "
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr "Drugi czynnik: "
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Hasło: "
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Bieżące hasło: "
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "Hasło wygasło. Proszę je zmienić teraz."
@@ -1501,7 +1547,7 @@ msgstr "Hasło wygasło. Proszę je zmienić teraz."
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Poziom debugowania, z jakim uruchomić"
@@ -1514,7 +1560,7 @@ msgstr "Używana domena SSSD"
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr "Błąd podczas ustawiania lokalizacji\n"
@@ -1979,81 +2025,92 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Błąd transakcji. Nie można zmodyfikować użytkownika.\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr "Żaden obiekt pamięci podręcznej nie pasuje do podanego wyszukiwania\n"
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr "Nie można unieważnić %1$s\n"
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr "Nie można unieważnić %1$s %2$s\n"
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
-msgstr "Unieważnia wszystkie wpisy w pamięci podręcznej oprócz reguł sudo"
+#: src/tools/sss_cache.c:644
+#, fuzzy
+msgid "Invalidate all cached entries"
+msgstr "Unieważnia wszystkie usługi"
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr "Unieważnia podanego użytkownika"
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr "Unieważnia wszystkich użytkowników"
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr "Unieważnia podaną grupę"
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr "Unieważnia wszystkie grupy"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr "Unieważnia podaną grupę sieciową"
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr "Unieważnia wszystkie grupy sieciowe"
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr "Unieważnia podaną usługę"
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr "Unieważnia wszystkie usługi"
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr "Unieważnia podaną mapę autofs"
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr "Unieważnia wszystkie mapy autofs"
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr "Unieważnia konkretny komputer SSH"
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr "Unieważnia wszystkie komputery SSH"
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+#, fuzzy
+msgid "Invalidate particular sudo rule"
+msgstr "Unieważnia podanego użytkownika"
+
+#: src/tools/sss_cache.c:677
+#, fuzzy
+msgid "Invalidate all cached sudo rules"
+msgstr "Unieważnia wszystkie wpisy w pamięci podręcznej oprócz reguł sudo"
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr "Unieważnia wpisy tylko z podanej domeny"
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr "Proszę wybrać co najmniej jeden obiekt do unieważnienia\n"
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
@@ -2063,7 +2120,7 @@ msgstr ""
"domeną), należy użyć w pełni kwalifikowanej nazwy zamiast parametru --"
"domain/-d.\n"
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr "Nie można otworzyć dostępnych domen\n"
@@ -2084,7 +2141,7 @@ msgstr "Oczekiwano tylko jednego parametru\n"
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr "Nazwa „%1$s” nie jest FQDN (ustawione jest „%2$s = TRUE”)\n"
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Brak pamięci\n"
@@ -2093,15 +2150,15 @@ msgstr "Brak pamięci\n"
msgid "%1$s must be run as root\n"
msgstr "%1$s musi zostać uruchomione jako root\n"
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr ""
-"Wysyła wyjście debugowania do plików, zamiast do standardowego wyjścia błędów"
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr "Identyfikator użytkownika, jako który uruchomić serwer"
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr "Identyfikator grupy, jako którą uruchomić serwer"
+
+#~ msgid "Send the debug output to files instead of stderr"
+#~ msgstr ""
+#~ "Wysyła wyjście debugowania do plików, zamiast do standardowego wyjścia "
+#~ "błędów"
diff --git a/po/pt.po b/po/pt.po
index 3fb810651..2c8577ab5 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
@@ -17,164 +17,179 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "Definir a verbosidade dos registos de depuração"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "Incluir data e hora nos registos de depuração"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "Gravar as mensagens de depuração em ficheiros de registo"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr "Foi excedido o tempo do ping antes de reiniciar o serviço"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "Comando para iniciar serviço"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr "Número de vezes para tentar ligação aos Fornecedores de Dados"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "Serviços SSSD a iniciar"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "Domínios SSSD a iniciar"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "Limite de tempo para mensagens enviadas sobre SBUS"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr "Expressão regular para obter nome do utilizar e domínio"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Formato compatível com o printf para apresentar nomes completos"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "Obriga a verificação de certificados TLS"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr "Validade da cache de enumeração (segundos)"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr "Validade da actualização da cache em segundo plano (segundos)"
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr "Validade da cache negativa (segundos)"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+#, fuzzy
+msgid "Files negative cache timeout length (seconds)"
+msgstr "Validade da cache negativa (segundos)"
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "Utilizadores que o SSSD devem explicitamente ignorar"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grupos que o SSSD devem explicitamente ignorar"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "Devem os utilizadores filtrados aparecer em grupos"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr "O valor do campo da senha que o fornecedor NSS deve retornar"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Durante quanto tempo devem ser permitidas as caches de sessões entre sessões "
"online (dias)"
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
"Quantas tentativas falhadas de inicio de sessão são permitidas quando offline"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -182,1247 +197,1276 @@ msgstr ""
"Quanto tempo (minutos) para negar a sessão após "
"offline_failed_login_attempts ter sido atingido"
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
#, fuzzy
msgid "Path to storage of trusted CA certificates"
msgstr "Ficheiro que contêm os certificados CA"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Fornecedor de identidade"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Fornecedor de autenticação"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Fornecedor de controle de acesso"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Fornecedor de Alteração de Senha"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "ID de utilizador mínimo"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "ID de utilizador máximo"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr "Permitir enumeração de todos os utilizadores/grupos"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "Efectuar cache de credenciais para sessões em modo desligado"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "Guardar hashes da senha"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr "Apresentar utilizadores/grupos na forma completa"
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr "Validade da cache (segundos)"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Restringir ou preferir famílias de endereços especificas quando efectua "
"consultas DNS"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Durante quanto tempo devem ser permitidas as caches de sessões entre sessões "
"bem sucedidas (dias)"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "Domínio IPA"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "Endereço do servidor IPA"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "Nome da máquina do cliente IPA"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Endereço do servidor Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Reino Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "Tempo de expiração da autenticação"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr "Directório para armazenar as caches de credenciais"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr "Localização da cache de credenciais dos utilizadores"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "Localização da tabela de chaves (keytab) para validar credenciais"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr "Activar validação de credenciais"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Servidor onde está em execução o serviço de alteração de senha, se não "
"coincide com o KDC"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, O URI do servidor LDAP"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr "A base DN por omissão"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr "O DN por omissão para a ligação"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr "O tipo de token de autenticação do bind DN por omissão"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr "O token de autenticação do bind DN por omissão"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "Período de tempo para tentar ligação"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tempo de espera para tentar operações LDAP síncronas"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tempo de espera entre tentativas para re-conectar quando desligado"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr "Ficheiro que contêm os certificados CA"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr "Caminho para o directório do certificado CA"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "Obriga a verificação de certificados TLS"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "Especificar mecanismo sasl a utilizar"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "Especifique o id sasl para utilizar na autorização"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr "Separador chave do serviço Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr "Utilizar autenticação Kerberos para ligações LDAP"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr "Seguir os referrals LDAP"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr "Tempo de espera por um pedido de pesquisa"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr "Período de tempo entre enumeração de actualizações"
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "Requer TLS para consultas de ID"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr "DN base para pesquisa de utilizadores"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr "Âmbito das pesquisas do utilizador"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr "Filtro para as pesquisas do utilizador"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr "Objectclass para utilizadores"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr "Atributo GID primário"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "Atributo GECOS"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr "Atributo da pasta pessoal"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "Atributo da Shell"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr "Atributo principal do utilizador (para Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Nome Completo"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr "Atributo da alteração da data"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+msgid "The LDAP group external member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr "Politica para avaliar a expiração da senha"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "Lista de utilizadores autorizados separados por vírgulas"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "Lista de utilizadores não autorizados separados por vírgulas"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Shell pré-definida, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr "Directório base para as pastas pessoais"
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr "O nome da biblioteca NSS a utilizar"
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr "Stack PAM a utilizar"
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "Tornar-se num serviço (omissão)"
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "Executar interactivamente (não como serviço)"
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Especificar um ficheiro de configuração não standard"
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "Nível de depuração"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "Adicionar tempos na depuração"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr "Um descritor de ficheiro aberto para os registos de depuração"
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr "Domínio do fornecedor de informação (obrigatório)"
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Mensagem do Servidor: "
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Senhas não coincidem"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ", a sua senha guardada em cache irá expirar em: "
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "O sistema está offline, a mudança de senha não é possível"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Alteração da senha falhou."
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Nova Senha: "
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Digite a senha novamente: "
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Senha: "
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Senha actual: "
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "A senha expirou. Altere a sua senha agora."
@@ -1431,7 +1475,7 @@ msgstr "A senha expirou. Altere a sua senha agora."
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "O nível de depuração a utilizar durante a execução"
@@ -1444,7 +1488,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr "Erro ao definir a configuração regional\n"
@@ -1892,88 +1936,96 @@ msgstr "Incapaz de modificar utilizador - utilizador já é membro de grupos?\n"
msgid "Transaction error. Could not modify user.\n"
msgstr "Erro na transacção. Não foi possível modificar o utilizador.\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
+#: src/tools/sss_cache.c:644
+msgid "Invalidate all cached entries"
msgstr ""
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+msgid "Invalidate particular sudo rule"
+msgstr ""
+
+#: src/tools/sss_cache.c:677
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -1994,7 +2046,7 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Memória esgotada\n"
@@ -2003,14 +2055,13 @@ msgstr "Memória esgotada\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr "Enviar o resultado de depuração para ficheiro em vez do stderr"
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
+
+#~ msgid "Send the debug output to files instead of stderr"
+#~ msgstr "Enviar o resultado de depuração para ficheiro em vez do stderr"
diff --git a/po/pt_BR.po b/po/pt_BR.po
new file mode 100644
index 000000000..ac0252de8
--- /dev/null
+++ b/po/pt_BR.po
@@ -0,0 +1,1958 @@
+# Marco Aurélio Krause <ouesten@me.com>, 2015. #zanata
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+"POT-Creation-Date: 2015-06-22 11:41+0200\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"PO-Revision-Date: 2015-10-27 08:15-0400\n"
+"Last-Translator: Marco Aurélio Krause <ouesten@me.com>\n"
+"Language-Team: Portuguese (Brazil)\n"
+"Language: pt-BR\n"
+"X-Generator: Zanata 3.8.4\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+
+#: src/config/SSSDConfig/__init__.py.in:43
+msgid "Set the verbosity of the debug logging"
+msgstr "Definir a verbosidade do log de depuração"
+
+#: src/config/SSSDConfig/__init__.py.in:44
+msgid "Include timestamps in debug logs"
+msgstr "Incluir timestamps em logs de depuração"
+
+#: src/config/SSSDConfig/__init__.py.in:45
+msgid "Include microseconds in timestamps in debug logs"
+msgstr "Incluir microssegundos em timestamps em logs de depuração"
+
+#: src/config/SSSDConfig/__init__.py.in:46
+msgid "Write debug messages to logfiles"
+msgstr "Escrever mensagens de depuração para arquivos de log"
+
+#: src/config/SSSDConfig/__init__.py.in:47
+msgid "Ping timeout before restarting service"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:48
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:49
+msgid "Command to start service"
+msgstr "Comando para iniciar o serviço"
+
+#: src/config/SSSDConfig/__init__.py.in:50
+msgid "Number of times to attempt connection to Data Providers"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:51
+msgid "The number of file descriptors that may be opened by this responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:52
+msgid "Idle time before automatic disconnection of a client"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:55
+msgid "SSSD Services to start"
+msgstr "Serviços SSSD para iniciar"
+
+#: src/config/SSSDConfig/__init__.py.in:56
+msgid "SSSD Domains to start"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
+msgid "Timeout for messages sent over the SBUS"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:58
+msgid "Regex to parse username and domain"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:59
+msgid "Printf-compatible format for displaying fully-qualified names"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:60
+msgid ""
+"Directory on the filesystem where SSSD should store Kerberos replay cache "
+"files."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:61
+msgid "Domain to add to names without a domain component."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:62
+msgid "The user to drop privileges to"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:65
+msgid "Enumeration cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:66
+msgid "Entry cache background update timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Negative cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:68
+msgid "Users that SSSD should explicitly ignore"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:69
+msgid "Groups that SSSD should explicitly ignore"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:70
+msgid "Should filtered users appear in groups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:71
+msgid "The value of the password field the NSS provider should return"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:72
+msgid "Override homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:73
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:74
+msgid "Override shell value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:75
+msgid "The list of shells users are allowed to log in with"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:76
+msgid ""
+"The list of shells that will be vetoed, and replaced with the fallback shell"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:77
+msgid ""
+"If a shell stored in central directory is allowed but not available, use "
+"this fallback"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:78
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:79
+msgid "How long will be in-memory cache records valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:80
+msgid "All spaces in group or user names will be replaced with this character"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:83
+msgid "How long to allow cached logins between online logins (days)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:84
+msgid "How many failed logins attempts are allowed when offline"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:85
+msgid ""
+"How long (minutes) to deny login after offline_failed_login_attempts has "
+"been reached"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:86
+msgid "What kind of messages are displayed to the user during authentication"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:87
+msgid "How many seconds to keep identity information cached for PAM requests"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:88
+msgid "How many days before password expiration a warning should be displayed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:89
+msgid "List of trusted uids or user's name"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:90
+msgid "List of domains accessible even for untrusted users."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:91
+msgid "Message printed when user account is expired."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:94
+msgid "Whether to evaluate the time-based attributes in sudo rules"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "Whether to hash host names and addresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:101
+msgid ""
+"How many seconds to keep a host in the known_hosts file after its host keys "
+"were requested"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:104
+msgid "List of UIDs or user names allowed to access the PAC responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:107
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:108
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:111
+msgid "Identity provider"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:112
+msgid "Authentication provider"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:113
+msgid "Access control provider"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:114
+msgid "Password change provider"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "SUDO provider"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:116
+msgid "Autofs provider"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:117
+msgid "Session-loading provider"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
+msgid "Host identity provider"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:121
+msgid "Minimum user ID"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:122
+msgid "Maximum user ID"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:123
+msgid "Enable enumerating all users/groups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:124
+msgid "Cache credentials for offline login"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:125
+msgid "Store password hashes"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:126
+msgid "Display users/groups in fully-qualified form"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:127
+msgid "Don't include group members in group lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:138
+#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:140
+msgid "Entry cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:129
+msgid ""
+"Restrict or prefer a specific address family when performing DNS lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:130
+msgid "How long to keep cached entries after last successful login (days)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:131
+msgid "How long to wait for replies from DNS when resolving servers (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:132
+msgid "The domain part of service discovery DNS query"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:133
+msgid "Override GID value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:134
+msgid "Treat usernames as case sensitive"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:141
+msgid "How often should expired entries be refreshed in background"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "Whether to automatically update the client's DNS entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:159
+msgid "The TTL to apply to the client's DNS entry after updating it"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:160
+msgid "The interface whose IP should be used for dynamic DNS updates"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
+msgid "How often to periodically update the client's DNS entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:146
+msgid "Whether the provider should explicitly update the PTR record as well"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:147
+msgid "Whether the nsupdate utility should default to using TCP"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:148
+msgid "What kind of authentication should be used to perform the DNS update"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:149
+msgid "Control enumeration of trusted domains"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:150
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:151
+msgid "List of options that should be inherited into a subdomain"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:154
+msgid "IPA domain"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:155
+msgid "IPA server address"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:156
+msgid "Address of backup IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:157
+msgid "IPA client hostname"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:158
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:161
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:162
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:163
+msgid ""
+"The amount of time in seconds between lookups of the SELinux maps against "
+"the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:164
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:165
+msgid "The automounter location this IPA client is using"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:166
+msgid "Search base for object containing info about IPA domain"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:167
+msgid "Search base for objects containing info about ID ranges"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:182
+msgid "Enable DNS sites - location based service discovery"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Search base for view containers"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Objectclass for view containers"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:171
+msgid "Attribute with the name of the view"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:172
+msgid "Objectclass for override objects"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+msgid "Attribute with the reference to the original object"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:174
+msgid "Objectclass for user override objects"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:175
+msgid "Objectclass for group override objects"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:178
+msgid "Active Directory domain"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:179
+msgid "Active Directory server address"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:180
+msgid "Active Directory backup server address"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:181
+msgid "Active Directory client hostname"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:362
+msgid "LDAP filter to determine access privileges"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:184
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:185
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:186
+msgid ""
+"The amount of time between lookups of the GPO policy files against the AD "
+"server"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:187
+msgid ""
+"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
+"settings"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:188
+msgid ""
+"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
+"policy settings"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:189
+msgid ""
+"PAM service names that map to the GPO (Deny)NetworkLogonRight policy "
+"settings"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:190
+msgid ""
+"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:191
+msgid ""
+"PAM service names that map to the GPO (Deny)ServiceLogonRight policy "
+"settings"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:192
+msgid "PAM service names for which GPO-based access is always granted"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:193
+msgid "PAM service names for which GPO-based access is always denied"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:194
+msgid ""
+"Default logon right (or permit/deny) to use for unmapped PAM service names"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:195
+msgid "a particular site to be used by the client"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:199
+msgid "Kerberos server address"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:200
+msgid "Kerberos backup server address"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:201
+msgid "Kerberos realm"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:202
+msgid "Authentication timeout"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:203
+msgid "Whether to create kdcinfo files"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:204
+msgid "Where to drop krb5 config snippets"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:207
+msgid "Directory to store credential caches"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:208
+msgid "Location of the user's credential cache"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid "Location of the keytab to validate credentials"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Enable credential validation"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:211
+msgid "Store password if offline for later online authentication"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:212
+msgid "Renewable lifetime of the TGT"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+msgid "Lifetime of the TGT"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:214
+msgid "Time between two checks for renewal"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:215
+msgid "Enables FAST"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:216
+msgid "Selects the principal to use for FAST"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:217
+msgid "Enables principal canonicalization"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:218
+msgid "Enables enterprise principals"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:219
+msgid "A mapping from user names to kerberos principal names"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:223
+msgid "Server where the change password service is running if not on the KDC"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:226
+msgid "ldap_uri, The URI of the LDAP server"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:227
+msgid "ldap_backup_uri, The URI of the LDAP server"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:228
+msgid "The default base DN"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:229
+msgid "The Schema Type in use on the LDAP server, rfc2307"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:230
+msgid "The default bind DN"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:231
+msgid "The type of the authentication token of the default bind DN"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:232
+msgid "The authentication token of the default bind DN"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:233
+msgid "Length of time to attempt connection"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:234
+msgid "Length of time to attempt synchronous LDAP operations"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:235
+msgid "Length of time between attempts to reconnect while offline"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:236
+msgid "Use only the upper case for realm names"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:237
+msgid "File that contains CA certificates"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:238
+msgid "Path to CA certificate directory"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:239
+msgid "File that contains the client certificate"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:240
+msgid "File that contains the client key"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:241
+msgid "List of possible ciphers suites"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:242
+msgid "Require TLS certificate verification"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:243
+msgid "Specify the sasl mechanism to use"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:244
+msgid "Specify the sasl authorization id to use"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:245
+msgid "Specify the sasl authorization realm to use"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:246
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:247
+msgid "Kerberos service keytab"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:248
+msgid "Use Kerberos auth for LDAP connection"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:249
+msgid "Follow LDAP referrals"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:250
+msgid "Lifetime of TGT for LDAP connection"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:251
+msgid "How to dereference aliases"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:252
+msgid "Service name for DNS service lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:253
+msgid "The number of records to retrieve in a single LDAP query"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:254
+msgid "The number of members that must be missing to trigger a full deref"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:255
+msgid ""
+"Whether the LDAP library should perform a reverse lookup to canonicalize the "
+"host name during a SASL bind"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:257
+msgid "entryUSN attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:258
+msgid "lastUSN attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:260
+msgid ""
+"How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:262
+msgid "Disable the LDAP paging control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:263
+msgid "Disable Active Directory range retrieval"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:266
+msgid "Length of time to wait for a search request"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:267
+msgid "Length of time to wait for a enumeration request"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:268
+msgid "Length of time between enumeration updates"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:269
+msgid "Length of time between cache cleanups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:270
+msgid "Require TLS for ID lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:271
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:272
+msgid "Base DN for user lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:273
+msgid "Scope of user lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:274
+msgid "Filter for user lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:275
+msgid "Objectclass for users"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:276
+msgid "Username attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:278
+msgid "UID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:279
+msgid "Primary GID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:280
+msgid "GECOS attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:281
+msgid "Home directory attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:282
+msgid "Shell attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "UUID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:324
+msgid "objectSID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:286
+msgid "User principal attribute (for Kerberos)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:287
+msgid "Full Name"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:288
+msgid "memberOf attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:289
+msgid "Modification time attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:291
+msgid "shadowLastChange attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:292
+msgid "shadowMin attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:293
+msgid "shadowMax attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:294
+msgid "shadowWarning attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:295
+msgid "shadowInactive attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "shadowExpire attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:297
+msgid "shadowFlag attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
+msgid "Attribute listing authorized PAM services"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:299
+msgid "Attribute listing authorized server hosts"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:300
+msgid "krbLastPwdChange attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:301
+msgid "krbPasswordExpiration attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:302
+msgid "Attribute indicating that server side password policies are active"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:303
+msgid "accountExpires attribute of AD"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:304
+msgid "userAccountControl attribute of AD"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:305
+msgid "nsAccountLock attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:306
+msgid "loginDisabled attribute of NDS"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:307
+msgid "loginExpirationTime attribute of NDS"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:308
+msgid "loginAllowedTimeMap attribute of NDS"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:309
+msgid "SSH public key attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:310
+msgid "attribute listing allowed authentication types for a user"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:311
+msgid "attribute containing the X509 certificate of the user"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:313
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:315
+msgid "Base DN for group lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:318
+msgid "Objectclass for groups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:319
+msgid "Group name"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:320
+msgid "Group password"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:321
+msgid "GID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:322
+msgid "Group member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:323
+msgid "Group UUID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:325
+msgid "Modification time attribute for groups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:326
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:328
+msgid "Maximum nesting level SSSd will follow"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:330
+msgid "Base DN for netgroup lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "Objectclass for netgroups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:332
+msgid "Netgroup name"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:333
+msgid "Netgroups members attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:334
+msgid "Netgroup triple attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:335
+msgid "Modification time attribute for netgroups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:337
+msgid "Base DN for service lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:338
+msgid "Objectclass for services"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:339
+msgid "Service name attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:340
+msgid "Service port attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:341
+msgid "Service protocol attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:345
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:346
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:347
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:348
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:349
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:351
+msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:352
+msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:353
+msgid "Whether to use Token-Groups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:354
+msgid "Set lower boundary for allowed IDs from the LDAP server"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:355
+msgid "Set upper boundary for allowed IDs from the LDAP server"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:356
+msgid "DN for ppolicy queries"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:359
+msgid "Policy to evaluate the password expiration"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:363
+msgid "Which attributes shall be used to evaluate if an account is expired"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:364
+msgid "Which rules should be used to evaluate access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:367
+msgid "URI of an LDAP server where password changes are allowed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
+msgid "URI of a backup LDAP server where password changes are allowed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:369
+msgid "DNS service name for LDAP password change server"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:370
+msgid ""
+"Whether to update the ldap_user_shadow_last_change attribute after a "
+"password change"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:373
+msgid "Base DN for sudo rules lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:374
+msgid "Automatic full refresh period"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:375
+msgid "Automatic smart refresh period"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:376
+msgid "Whether to filter rules by hostname, IP addresses and network"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:377
+msgid ""
+"Hostnames and/or fully qualified domain names of this machine to filter sudo "
+"rules"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:378
+msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:379
+msgid "Whether to include rules that contains netgroup in host attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:380
+msgid ""
+"Whether to include rules that contains regular expression in host attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:381
+msgid "Object class for sudo rules"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:382
+msgid "Sudo rule name"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:383
+msgid "Sudo rule command attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:384
+msgid "Sudo rule host attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:385
+msgid "Sudo rule user attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:386
+msgid "Sudo rule option attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:387
+msgid "Sudo rule runas attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:388
+msgid "Sudo rule runasuser attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:389
+msgid "Sudo rule runasgroup attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:390
+msgid "Sudo rule notbefore attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:391
+msgid "Sudo rule notafter attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:392
+msgid "Sudo rule order attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:395
+msgid "Object class for automounter maps"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:396
+msgid "Automounter map name attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:397
+msgid "Object class for automounter map entries"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:398
+msgid "Automounter map entry key attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:399
+msgid "Automounter map entry value attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:400
+msgid "Base DN for automounter map lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:403
+msgid "Comma separated list of allowed users"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:404
+msgid "Comma separated list of prohibited users"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:407
+msgid "Default shell, /bin/bash"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:408
+msgid "Base for home directories"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:411
+msgid "The name of the NSS library to use"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:412
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:415
+msgid "PAM stack to use"
+msgstr ""
+
+#: src/monitor/monitor.c:2838
+msgid "Become a daemon (default)"
+msgstr ""
+
+#: src/monitor/monitor.c:2840
+msgid "Run interactive (not a daemon)"
+msgstr ""
+
+#: src/monitor/monitor.c:2842 src/tools/sss_debuglevel.c:71
+msgid "Specify a non-default config file"
+msgstr ""
+
+#: src/monitor/monitor.c:2844
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:2592 src/providers/ldap/ldap_child.c:609
+#: src/util/util.h:110
+msgid "Debug level"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:2594 src/providers/ldap/ldap_child.c:611
+#: src/util/util.h:116
+msgid "Add debug timestamps"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:613
+#: src/util/util.h:118
+msgid "Show timestamps with microseconds"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:2598 src/providers/ldap/ldap_child.c:615
+msgid "An open file descriptor for the debug logs"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:2601 src/providers/ldap/ldap_child.c:617
+#: src/util/util.h:114
+msgid "Send the debug output to stderr directly."
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:2603
+msgid "The user to create FAST ccache as"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:2605
+msgid "The group to create FAST ccache as"
+msgstr ""
+
+#: src/providers/data_provider_be.c:2833
+msgid "Domain of the information provider (mandatory)"
+msgstr ""
+
+#: src/sss_client/common.c:971
+msgid "Privileged socket has wrong ownership or permissions."
+msgstr ""
+
+#: src/sss_client/common.c:974
+msgid "Public socket has wrong ownership or permissions."
+msgstr ""
+
+#: src/sss_client/common.c:977
+msgid "Unexpected format of the server credential message."
+msgstr ""
+
+#: src/sss_client/common.c:980
+msgid "SSSD is not run by root."
+msgstr ""
+
+#: src/sss_client/common.c:985
+msgid "An error occurred, but no description can be found."
+msgstr ""
+
+#: src/sss_client/common.c:991
+msgid "Unexpected error while looking for an error description"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:66
+msgid "Permission denied. "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:728
+#: src/sss_client/pam_sss.c:739
+msgid "Server message: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:246
+msgid "Passwords do not match"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:434
+msgid "Password reset by root is not supported."
+msgstr ""
+
+#: src/sss_client/pam_sss.c:475
+msgid "Authenticated with cached credentials"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:476
+msgid ", your cached password will expire at: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:506
+#, c-format
+msgid "Your password has expired. You have %1$d grace login(s) remaining."
+msgstr ""
+
+#: src/sss_client/pam_sss.c:552
+#, c-format
+msgid "Your password will expire in %1$d %2$s."
+msgstr ""
+
+#: src/sss_client/pam_sss.c:601
+msgid "Authentication is denied until: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:622
+msgid "System is offline, password change not possible"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:637
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:725 src/sss_client/pam_sss.c:738
+msgid "Password change failed. "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:1354
+msgid "New Password: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:1355
+msgid "Reenter new Password: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:1459
+msgid "First Factor: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:1460
+msgid "Second Factor: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:1462
+msgid "Password: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:1502
+msgid "Current Password: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:1701
+msgid "Password expired. Change your password now."
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
+#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
+#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
+#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+msgid "The debug level to run with"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196
+msgid "The SSSD domain to use"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
+#: src/tools/sss_cache.c:627
+msgid "Error setting the locale\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64
+msgid "Not enough memory\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83
+msgid "User not specified\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92
+msgid "Error looking up public keys\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194
+msgid "The port to use to connect to the host"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238
+msgid "Invalid port\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243
+msgid "Host not specified\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249
+msgid "The path to the proxy command must be absolute\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
+msgid "The UID of the user"
+msgstr ""
+
+#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
+msgid "The comment string"
+msgstr ""
+
+#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
+msgid "Home directory"
+msgstr ""
+
+#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
+msgid "Login shell"
+msgstr ""
+
+#: src/tools/sss_useradd.c:53
+msgid "Groups"
+msgstr ""
+
+#: src/tools/sss_useradd.c:54
+msgid "Create user's directory if it does not exist"
+msgstr ""
+
+#: src/tools/sss_useradd.c:55
+msgid "Never create user's directory, overrides config"
+msgstr ""
+
+#: src/tools/sss_useradd.c:56
+msgid "Specify an alternative skeleton directory"
+msgstr ""
+
+#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60
+msgid "The SELinux user for user's login"
+msgstr ""
+
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:92
+msgid "Specify group to add to\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:111
+msgid "Specify user to add\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
+#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
+#: src/tools/sss_groupshow.c:697 src/tools/sss_userdel.c:198
+#: src/tools/sss_usermod.c:162
+msgid "Error initializing the tools - no local domain\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:699 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:164
+msgid "Error initializing the tools\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:708 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:173
+msgid "Invalid domain specified in FQDN\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197
+#: src/tools/sss_usermod.c:226
+msgid "Internal error while parsing parameters\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206
+#: src/tools/sss_usermod.c:235
+msgid "Groups must be in the same domain as user\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:159
+#, c-format
+msgid "Cannot find group %1$s in local domain\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
+msgid "Cannot set default values\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:187
+msgid "The selected UID is outside the allowed range\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305
+msgid "Cannot set SELinux login context\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:224
+msgid "Cannot get info about the user\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:236
+msgid "User's home directory already exists, not copying data from skeldir\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:239
+#, c-format
+msgid "Cannot create user's home directory: %1$s\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:250
+#, c-format
+msgid "Cannot create user's mail spool: %1$s\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:270
+msgid "Could not allocate ID for the user - domain full?\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:274
+msgid "A user or group with the same name or ID already exists\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:280
+msgid "Transaction error. Could not add user.\n"
+msgstr ""
+
+#: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48
+msgid "The GID of the group"
+msgstr ""
+
+#: src/tools/sss_groupadd.c:76
+msgid "Specify group to add\n"
+msgstr ""
+
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
+msgid "The selected GID is outside the allowed range\n"
+msgstr ""
+
+#: src/tools/sss_groupadd.c:143
+msgid "Could not allocate ID for the group - domain full?\n"
+msgstr ""
+
+#: src/tools/sss_groupadd.c:147
+msgid "A group with the same name or GID already exists\n"
+msgstr ""
+
+#: src/tools/sss_groupadd.c:153
+msgid "Transaction error. Could not add group.\n"
+msgstr ""
+
+#: src/tools/sss_groupdel.c:70
+msgid "Specify group to delete\n"
+msgstr ""
+
+#: src/tools/sss_groupdel.c:104
+#, c-format
+msgid "Group %1$s is outside the defined ID range for domain\n"
+msgstr ""
+
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:282
+#: src/tools/sss_usermod.c:289 src/tools/sss_usermod.c:296
+#, c-format
+msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
+msgstr ""
+
+#: src/tools/sss_groupdel.c:132
+msgid ""
+"No such group in local domain. Removing groups only allowed in local domain."
+"\n"
+msgstr ""
+
+#: src/tools/sss_groupdel.c:137
+msgid "Internal error. Could not remove group.\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:44
+msgid "Groups to add this group to"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:46
+msgid "Groups to remove this group from"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100
+msgid "Specify group to remove from\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:101
+msgid "Specify group to modify\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:130
+msgid ""
+"Cannot find group in local domain, modifying groups is allowed only in local "
+"domain\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
+msgid "Member groups must be in the same domain as parent group\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
+#, c-format
+msgid ""
+"Cannot find group %1$s in local domain, only groups in local domain are "
+"allowed\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:257
+msgid "Could not modify group - check if member group names are correct\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:261
+msgid "Could not modify group - check if groupname is correct\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:265
+msgid "Transaction error. Could not modify group.\n"
+msgstr ""
+
+#: src/tools/sss_groupshow.c:598
+#, c-format
+msgid "%1$s%2$sGroup: %3$s\n"
+msgstr ""
+
+#: src/tools/sss_groupshow.c:599
+msgid "Magic Private "
+msgstr ""
+
+#: src/tools/sss_groupshow.c:601
+#, c-format
+msgid "%1$sGID number: %2$d\n"
+msgstr ""
+
+#: src/tools/sss_groupshow.c:603
+#, c-format
+msgid "%1$sMember users: "
+msgstr ""
+
+#: src/tools/sss_groupshow.c:610
+#, c-format
+msgid "\n"
+"%1$sIs a member of: "
+msgstr ""
+
+#: src/tools/sss_groupshow.c:617
+#, c-format
+msgid "\n"
+"%1$sMember groups: "
+msgstr ""
+
+#: src/tools/sss_groupshow.c:653
+msgid "Print indirect group members recursively"
+msgstr ""
+
+#: src/tools/sss_groupshow.c:687
+msgid "Specify group to show\n"
+msgstr ""
+
+#: src/tools/sss_groupshow.c:727
+msgid ""
+"No such group in local domain. Printing groups only allowed in local domain."
+"\n"
+msgstr ""
+
+#: src/tools/sss_groupshow.c:732
+msgid "Internal error. Could not print group.\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:136
+msgid "Remove home directory and mail spool"
+msgstr ""
+
+#: src/tools/sss_userdel.c:138
+msgid "Do not remove home directory and mail spool"
+msgstr ""
+
+#: src/tools/sss_userdel.c:140
+msgid "Force removal of files not owned by the user"
+msgstr ""
+
+#: src/tools/sss_userdel.c:142
+msgid "Kill users' processes before removing him"
+msgstr ""
+
+#: src/tools/sss_userdel.c:188
+msgid "Specify user to delete\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:234
+#, c-format
+msgid "User %1$s is outside the defined ID range for domain\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:259
+msgid "Cannot reset SELinux login context\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:271
+#, c-format
+msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:276
+msgid "Cannot determine if the user was logged in on this platform"
+msgstr ""
+
+#: src/tools/sss_userdel.c:281
+msgid "Error while checking if the user was logged in\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:288
+#, c-format
+msgid "The post-delete command failed: %1$s\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:308
+msgid "Not removing home dir - not owned by user\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:310
+#, c-format
+msgid "Cannot remove homedir: %1$s\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:324
+msgid ""
+"No such user in local domain. Removing users only allowed in local domain.\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:329
+msgid "Internal error. Could not remove user.\n"
+msgstr ""
+
+#: src/tools/sss_usermod.c:49
+msgid "The GID of the user"
+msgstr ""
+
+#: src/tools/sss_usermod.c:53
+msgid "Groups to add this user to"
+msgstr ""
+
+#: src/tools/sss_usermod.c:54
+msgid "Groups to remove this user from"
+msgstr ""
+
+#: src/tools/sss_usermod.c:55
+msgid "Lock the account"
+msgstr ""
+
+#: src/tools/sss_usermod.c:56
+msgid "Unlock the account"
+msgstr ""
+
+#: src/tools/sss_usermod.c:57
+msgid "Add an attribute/value pair. The format is attrname=value."
+msgstr ""
+
+#: src/tools/sss_usermod.c:58
+msgid "Delete an attribute/value pair. The format is attrname=value."
+msgstr ""
+
+#: src/tools/sss_usermod.c:59
+msgid ""
+"Set an attribute to a name/value pair. The format is attrname=value. For "
+"multi-valued attributes, the command replaces the values already present"
+msgstr ""
+
+#: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
+#: src/tools/sss_usermod.c:135
+msgid "Specify the attribute name/value pair(s)\n"
+msgstr ""
+
+#: src/tools/sss_usermod.c:152
+msgid "Specify user to modify\n"
+msgstr ""
+
+#: src/tools/sss_usermod.c:180
+msgid ""
+"Cannot find user in local domain, modifying users is allowed only in local "
+"domain\n"
+msgstr ""
+
+#: src/tools/sss_usermod.c:322
+msgid "Could not modify user - check if group names are correct\n"
+msgstr ""
+
+#: src/tools/sss_usermod.c:326
+msgid "Could not modify user - user already member of groups?\n"
+msgstr ""
+
+#: src/tools/sss_usermod.c:330
+msgid "Transaction error. Could not modify user.\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:188
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:431
+#, c-format
+msgid "Couldn't invalidate %1$s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:438
+#, c-format
+msgid "Couldn't invalidate %1$s %2$s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:589
+msgid "Invalidate all cached entries except for sudo rules"
+msgstr ""
+
+#: src/tools/sss_cache.c:591
+msgid "Invalidate particular user"
+msgstr ""
+
+#: src/tools/sss_cache.c:593
+msgid "Invalidate all users"
+msgstr ""
+
+#: src/tools/sss_cache.c:595
+msgid "Invalidate particular group"
+msgstr ""
+
+#: src/tools/sss_cache.c:597
+msgid "Invalidate all groups"
+msgstr ""
+
+#: src/tools/sss_cache.c:599
+msgid "Invalidate particular netgroup"
+msgstr ""
+
+#: src/tools/sss_cache.c:601
+msgid "Invalidate all netgroups"
+msgstr ""
+
+#: src/tools/sss_cache.c:603
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:605
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:608
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:610
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:614
+msgid "Invalidate particular SSH host"
+msgstr ""
+
+#: src/tools/sss_cache.c:616
+msgid "Invalidate all SSH hosts"
+msgstr ""
+
+#: src/tools/sss_cache.c:619
+msgid "Only invalidate entries from a particular domain"
+msgstr ""
+
+#: src/tools/sss_cache.c:668
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:751
+#, c-format
+msgid ""
+"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
+"use fully qualified name instead of --domain/-d parameter.\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:755
+msgid "Could not open available domains\n"
+msgstr ""
+
+#: src/tools/sss_debuglevel.c:40
+msgid "\n"
+msgstr ""
+
+#: src/tools/sss_debuglevel.c:96
+msgid "Specify debug level you want to set\n"
+msgstr ""
+
+#: src/tools/sss_debuglevel.c:102
+msgid "Only one argument expected\n"
+msgstr ""
+
+#: src/tools/tools_util.c:204
+#, c-format
+msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
+msgstr ""
+
+#: src/tools/tools_util.c:309
+msgid "Out of memory\n"
+msgstr ""
+
+#: src/tools/tools_util.h:43
+#, c-format
+msgid "%1$s must be run as root\n"
+msgstr ""
+
+#: src/util/util.h:112
+msgid "Send the debug output to files instead of stderr"
+msgstr ""
+
+#: src/util/util.h:182
+msgid "The user ID to run the server as"
+msgstr ""
+
+#: src/util/util.h:184
+msgid "The group ID to run the server as"
+msgstr ""
diff --git a/po/ru.po b/po/ru.po
index bd7edd561..eeb684185 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -4,13 +4,14 @@
#
# Translators:
# Stanislav Hanzhin <hanzhin.stas@gmail.com>, 2012
+# Oleksii Levan <exlevan@gmail.com>, 2016. #zanata
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
-"PO-Revision-Date: 2014-06-04 02:04-0400\n"
-"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
+"PO-Revision-Date: 2016-02-23 10:04-0500\n"
+"Last-Translator: Oleksii Levan <exlevan@gmail.com>\n"
"Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/"
"ru/)\n"
"Language: ru\n"
@@ -19,163 +20,194 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "Установить подробность журнала отладки"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "Добавить отметки времени в журнал отладки"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
-msgstr ""
+msgstr "Указывать микросекунды в отметках времени в журнале отладки"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "Записывать отладочные сообщения в файлы журнала"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr "Тайм-аут ping до перезапуска службы"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
+"Время до принудительной остановки службы после трёх неуспешных проверок ping"
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "Команда для запуска службы"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr "Количество попыток подключения к поставщикам данных"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
-msgstr ""
+msgstr "Количество файловых дескрипторов, которые может открыть этот процесс"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
+msgstr "Время простоя до автоматического отсоединения клиента"
+
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "Запускаемые службы SSSD"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "Запускаемые домены SSSD"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "Тайм-аут для сообщений, отправленных через SBUS"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr "Регулярное выражение для разбора имени пользователя и домена"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
-msgstr "Отображать полные имена в формате, совместимом с printf"
+msgstr "Printf-совместимый формат для отображения полностью определённых имён"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
+"Каталог файловой системы, в котором SSSD должен сохранять файлы кеша повтора "
+"Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
-msgstr ""
+msgstr "Домен для имён без указанного компонента домена"
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
-msgstr ""
+msgstr "Пользователь, чьи привилегии будут использоваться"
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "Требуется проверка сертификата TLS"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr "Длина тайм-аута кэша перечисления (в секундах)"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr "Тайм-аут фонового обновления элемента списка кэша (в секундах)"
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr "Отрицательная длина тайм-аута кэша (в секундах)"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+#, fuzzy
+msgid "Files negative cache timeout length (seconds)"
+msgstr "Отрицательная длина тайм-аута кэша (в секундах)"
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "Пользователи, которых SSSD должен явно игнорировать "
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "Группы, которые SSSD должен явно игнорировать "
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "Должны ли отфильтрованные пользователи появляться в группах"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr "Значение поля пароля, которое должен вернуть поставщик NSS"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
+"Переопределять значение домашнего каталога от поставщика учётных данных этим "
+"значением"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
+"Заменять пустое значение домашнего каталога от поставщика учётных данных "
+"этим значением"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
+"Переопределять значение командной оболочки от поставщика учётных данных этим "
+"значением"
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
+"Список командных оболочек, с которыми пользователям разрешён вход в систему"
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
+"Список командных оболочек, которые будут ветированы и заменены запасной "
+"оболочкой"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
+"Если командная оболочка из центрального каталога разрешена, но не доступна, "
+"использовать эту как запасную"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
+"Оболочка, которая будет использоваться, если поставщиком оболочка не указана"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
-msgstr ""
+msgstr "Насколько долго записи кеша в памяти будут оставаться действительными"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
+"Все пробелы в именах пользователей и групп будут заменены этим символом"
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Разрешённый интервал кэшированных входов между интерактивными входами (в "
"днях)"
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr "Разрешённое количество неудачных попыток неинтерактивного входа"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -183,1250 +215,1279 @@ msgstr ""
"Временной интервал (в минутах), в течение которого будет запрещён вход после "
"достижения offline_failed_login_attempts"
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
#, fuzzy
msgid "Path to storage of trusted CA certificates"
msgstr "Файл содержащий сертификаты CA"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Поставщик данных для идентификации"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Поставщик данных для проверки подлинности"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Поставщик данных для контроля доступа"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Поставщик операции смены пароля"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "Минимальный ID пользователя"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "Максимальный ID пользователя"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr "Включить перечисление всех пользователей/групп"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "Кэшировать учётные данные для неинтерактивного входа"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "Хранить хеши паролей"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr "Отображать пользователей/группы в полной форме"
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr "Тайм-аут элемента списка кэша (в секундах)"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Ограничивать или предпочитать определённое семейство адресов при выполнении "
"запросов DNS"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Как долго хранить кэшированные элементы списка после последнего успешного "
"входа (в днях)"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr "Время ожидания ответа DNS при преобразовании имён серверов (секунд)"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr "Доменная часть DNS-запроса поиска служб"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr "Интерфейс, адрес которого будет использован для обновления DNS"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "IPA-домен"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "адрес сервера IPA"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "имя узла клиента IPA"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr "Если требуется автоматическое обновление записи в"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr "Фильтр LDAP для определения прав доступа"
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Имя сервера Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Область действия Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "Тайм-аут проверки подлинности"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr "Каталог для хранения кэшей учётных данных"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr "Расположения кэша учётных данных пользователей"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "Расположение keytab-файла для проверки учётных данных"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr "Включить проверку учётных данных"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
"При отсутствии соединения сохранить пароль и пройти аутентификацию позже"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI сервера LDAP "
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr "Base DN по умолчанию"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr "Bind DN по умолчанию"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr "Тип маркера проверки подлинности для bind DN по умолчанию"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr "Маркер проверки подлинности для bind DN по умолчанию"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "Временной интервал для попытки соединения"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Временной интервал для попытки синхронизации операций LDAP"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Временной интервал между попытками возобновления соединения в автономного "
"режиме"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr "Файл содержащий сертификаты CA"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr "Путь к каталогу с сертификатами CA"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "Требуется проверка сертификата TLS"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "Укажите механизм sasl"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "Укажите идентификатор авторизации sasl"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr "Keytab-файл службы Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr "Следовать ссылкам LDAP"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr "Время жизни TGT для LDAP-соединений"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr "Временной интервал, в течение которого ожидать поискового запроса"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr "Временной интервал между обновлениями перечисления"
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "Требовать TLS для запросов ID"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr "Base DN для поиска"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr "Глубина поиска"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr "Фильтр поиска"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr "Objectclass для пользователей"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "Атрибут «UID»"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr "Атрибут «primary GID»"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "Атрибут «GECOS»"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr "Атрибут домашнего каталога"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "Атрибут оболочки"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr "Атрибут участника-пользователя (для Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Полное имя"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr "Атрибут времени изменения"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+msgid "The LDAP group external member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr "Политика вычисления окончания срока действия пароля"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "Разделённый запятыми список разрешённых пользователей"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "Разделённый запятыми список запрещённых пользователей"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Оболочка по умолчанию, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr "Место для домашних каталогов"
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr "Имя используемой библиотеки NSS"
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr "Используемый стек PAM"
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "Запускаться в качестве службы (по умолчанию)"
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "Запускаться интерактивно (не службой)"
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Указать файл конфигурации"
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "Уровень отладки"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "Добавить отладочные отметки времени"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr "Открытый дескриптор файла для журналов отладки"
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr "Домен поставщика информации (обязательный)"
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
"Для привилегированного сокета установлен неверный владелец или права доступа."
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr ""
"Для общедоступного сокета установлен неверный владелец или права доступа."
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Сообщение сервера:"
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Пароли не совпадают"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ", срок действия вашего кэшированного пароль истечёт:"
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "Система находится в автономном режиме, невозможно сменить пароль"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Не удалось сменить пароль."
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Новый пароль:"
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Введите новый пароль ещё раз:"
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Пароль:"
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Текущий пароль:"
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "Срок действия пароля истёк. Необходимо сейчас изменить ваш пароль."
@@ -1435,7 +1496,7 @@ msgstr "Срок действия пароля истёк. Необходимо
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Уровень отладки для запуска"
@@ -1448,7 +1509,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr ""
@@ -1893,88 +1954,96 @@ msgstr "Не удалось изменить пользователя — он
msgid "Transaction error. Could not modify user.\n"
msgstr "Ошибка в транзакции. Не удалось изменить пользователя.\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
+#: src/tools/sss_cache.c:644
+msgid "Invalidate all cached entries"
msgstr ""
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+msgid "Invalidate particular sudo rule"
+msgstr ""
+
+#: src/tools/sss_cache.c:677
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -1995,23 +2064,22 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Недостаточно памяти\n"
#: src/tools/tools_util.h:43
#, c-format
msgid "%1$s must be run as root\n"
-msgstr ""
+msgstr "%1$s требует прав суперпользователя\n"
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr "Отправлять отладочные сообщения в файлы, а не в stderr"
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
-msgstr ""
+msgstr "ID пользователя, под которым запускать сервер"
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
-msgstr ""
+msgstr "ID группы, под которым запускать сервер"
+
+#~ msgid "Send the debug output to files instead of stderr"
+#~ msgstr "Отправлять отладочные сообщения в файлы, а не в stderr"
diff --git a/po/sssd.pot b/po/sssd.pot
index 1a447df65..dab4eff6b 100644
--- a/po/sssd.pot
+++ b/po/sssd.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -18,1397 +18,1439 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+msgid "Tune certificate verification"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+msgid "Files negative cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
msgid "Path to storage of trusted CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+msgid "The LDAP group external member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr ""
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr ""
@@ -1417,7 +1459,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1430,7 +1472,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr ""
@@ -1860,88 +1902,96 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
+#: src/tools/sss_cache.c:644
+msgid "Invalidate all cached entries"
msgstr ""
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+msgid "Invalidate particular sudo rule"
+msgstr ""
+
+#: src/tools/sss_cache.c:677
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -1962,7 +2012,7 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr ""
@@ -1971,14 +2021,10 @@ msgstr ""
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr ""
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
diff --git a/po/sv.po b/po/sv.po
index f9a0cc05e..bdc35fe70 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-07 05:40-0400\n"
"Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
"Language-Team: Swedish (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,72 +18,77 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "Ange pratsamhet för felsökningsloggning"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "Inkludera tidsstämplar i felsökningsloggar"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr "Inkludera mikrosekunder i tidsstämplar i felsökningsloggar"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "Skriv felmeddelanden till loggfiler"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr "Ping-tidsgräns före tjänst startas om"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
"Tidsgräns mellan tre misslyckade ping-kontroller och att framtvingat döda "
"tjänsten"
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "Kommando för att starta tjänst"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr "Antal gånger att försöka ansluta till dataleverantörer"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr "Antalet fildeskriptorer som får öppnas av denna svarare"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr "Inaktiv tid före en klient automatiskt kopplas ifrån"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "SSSD-tjänster att starta"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "SSSD-domäner att starta"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "Tidsgräns för meddelanden skickade via SBUS"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr "Reguljäruttryck för att tolka användarnamn och domän"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Printf-kompatibla format för att visa fullständigt kvalificerade namn"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -91,67 +96,77 @@ msgstr ""
"Katalog på filsystemet där SSSD skall lagra sparade återspolningsfiler från "
"Kerberos."
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr "Domän att lägga till till namn utan en domändel."
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "Kräv TLS-certifikatverifiering"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr "Tidsgränslängd för uppräkningscache (sekunder)"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr "Tidsgränslängd för bakgrundsuppdateringar av postcache (sekunder)"
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr "Tidsgränslängd för negativ cache (sekunder)"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+#, fuzzy
+msgid "Files negative cache timeout length (seconds)"
+msgstr "Tidsgränslängd för negativ cache (sekunder)"
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "Användare som SSSD uttryckligen skall bortse ifrån"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grupper som SSSD uttryckligen skall bortse ifrån"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "Skall filtrerade användare förekomma i grupper"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr "Värdet på lösenordfältet som NSS-leverantörer skall returnera"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr "Åsidosätt hemkatalogvärdet från identitetsleverantören med detta värde"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
"Ersätt ett tomt hemkatalogvärde från identitetsleverantören med detta värde"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr "Åsidosätt skalvärdet från identitetsleverantören med detta värde"
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr "Listan på skal användare får lova att logga in med"
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr "Listan på skal som kommer förbjudas, och ersättas med standardskalet"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -159,28 +174,28 @@ msgstr ""
"Om ett skal lagrat i en central katalog är tillåtet men inte tillgängligt, "
"använd detta alternativ"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr "Skal att använda om leverantören inte listar något"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr "Hur länge sparade poster i minnet är giltiga"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Hur länge sparade inloggningar tillåts mellan online-inloggningar (dagar)"
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr "Hur många misslyckade inloggningsförsök som tillåts i frånkopplat läge"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -188,48 +203,60 @@ msgstr ""
"Hur länge (minuter) som inloggning nekas efter att "
"frånkopplade_inloggningsförsök har nåtts"
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr "Vilka slags meddelanden som visas för användaren under autenticering"
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr "Hur många sekunder identitetsinformationen hålls sparad för PAM-frågor"
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr "Hur många dagar före ett lösenord går ut en varning skall visas"
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr "Om tidsbaserade attribut i sudo-regler skall beräknas"
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
"Om värdnamn och adresser i known_hosts-filen skall göras till kontrollsummor"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
@@ -237,544 +264,557 @@ msgstr ""
"Hur många sekunder att behålla en värd i filen known_hosts efter att dess "
"värdnycklar begärdes"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
#, fuzzy
msgid "Path to storage of trusted CA certificates"
msgstr "Fil som innehåller CA-certifikat"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr "Lista över UID:er eller användarnamn som tillåts komma åt PAC-svararen"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
"Lista över UID:er eller användarnamn som tillåts komma åt InfoPipe-svararen"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr "Lista över aänvändarattribut InfoPipe får publicera"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Identifiera leverantör"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Autentiseringsleverantör"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Leverantör av åtkomstkontroll"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Leverantör av lösenordsändringar"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr "SUDO-leverantör"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr "Autofs-leverantör"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr "Sessionsinläsningsleverantör"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr "Värdidentiftetsleverantör"
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "Minsta användar-ID"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "Största användar-ID"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr "Aktivera uppräkning av alla användare/grupper"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "Cache-kreditiv för frånkopplad inloggning"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "Lagra lösenords-kontrollsummor"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr "Visa användare/grupper i fullständigt kvalificerat format"
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr "Inkludera inte gruppmedlemmar i gruppuppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr "Tidsgränslängd för postcache (sekunder)"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr "Begränsa eller föredra en specifik adressfamilj vid DNS-uppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Hur länge cachade poster skall behållas efter senaste lyckade inloggning "
"(dagar)"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr "Hur länge man väntar på svar från DNS när servrar slås upp (sekunder)"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr "Domändelen av DNS-frågan för tjänstedetektering"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr "Åsidosätt GID-värdet från identitetsleverantören med detta värde"
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr "Behandla användarnamn som skiftlägeskänsliga"
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr "Hur ofta utgångna poster skall förnyas i bakgrunden"
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr "Huruvida klienternas DNS-poster uppdateras automatiskt"
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr "TTL:en att använda för klientens DNS-post efter att ha uppdaterat den"
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr "Gränssnittet var IP skall användas för dynamiska DNS-uppdateringar"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr "Hur ofta klienternas DNS-poster periodiskt skall uppdateras"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr "Huruvida leverantören explicit skall uppdatera PTR-posten också"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr "Huruvida verktyget nsupdate skall använda TCP som standard"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
"Vilken sorts autenticering som skall användas för att utföra DNS-"
"uppdateringen"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
#, fuzzy
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
"Vilken sorts autenticering som skall användas för att utföra DNS-"
"uppdateringen"
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr "Styr uppräkning av betrodda domäner"
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr "Hur ofta skall listan över underdomäner uppdateras"
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "IPA-domän"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "IPA-serveradress"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr "Adress till reserv-IPA-server"
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "IPA-klienvärdnamn"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr "Om klientens DNS-post i FreeIPA automatiskt skall uppdateras"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr "Sökbas för HBAC-relaterade objekt"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "Tidsåtgången mellan uppslagningar av HBAC-reglerna mot IPA-servern"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
"Tiden i sekunder mellan uppslagningar av SELinux-mappningar mot IPA-servern"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr "Om satt till falskt kommer värdargument givna av PAM ignoreras"
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr "Platsen för automatmonteraren denna IPA-klient använder"
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr "Sökbas för objekt som innehåller information om IPA-domänen"
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr "Sökbas för objekt som innehåller information om ID-intervall"
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr "Aktivera DNS-sajter - platsbaserad detektering av tjänster"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr "Active Directory-domän"
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr "Adress till Active Directory-server"
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr "Adress till Active Directory-reservserver"
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr "Active Directory-klienvärdnamn"
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr "LDAP-filter för att bestämma åtkomstprivilegier"
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr "Huruvida den globala katalogen skall användas för uppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr "Arbetsläge för GPO-baserad åtkomstkontrol"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Adress till server för Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr "Adress till reservserver för Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Kerberosrike"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "Autentiseringstidsgräns"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr "Huruvida kdcinfo-filer skall skapas"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr "Katalog att lagra kreditiv-cachar i"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr "Plats för användarens kreditiv-cache"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "Plats för nyckeltabellen för att validera kreditiv"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr "Aktivera validering av kreditiv"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr "Lagra lösenord när ej ansluten för ansluten autentisering senare"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr "Förnybar livstid för TGT:n"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr "Livstid för TGT:n"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr "Tid mellan två kontroller av förnyelse"
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr "Aktiverar FAST"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr "Väljer huvudman att använda för FAST"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr "Aktivera kanonsisk form av huvudman"
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr "Aktiverar företagshuvudmän"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr "Server där ändringstjänsten för lösenord kör om inte på KDC:n"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI:n för LDAP-servern"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, URI:n för LDAP-servern"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr "Standard bas-DN"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Schematypen som används i LDAP-servern, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr "Standard bindnings-DN"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr "Typen på autenticerings-token för standard bindnings-DN"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr "Autenticerings-token för standard bindnings-DN"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "Tidslängd att försöka ansluta"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tidslängd att försök synkrona LDAP-operationer"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tidslängd mellan försök att återansluta vid frånkoppling"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr "Använd endast versaler för namn på riken"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr "Fil som innehåller CA-certifikat"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr "Sökväg till katalogen med CA-certifikat"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr "Fil som innehåller klientcertifikatet"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr "Fil som innehåller klientnyckeln"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr "Lista över möjliga chiffersviter"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "Kräv TLS-certifikatverifiering"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "Ange sasl-mekanismen att använda"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "Ange sasl-auktorisering-id att använda"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr "Ange sasl-auktoriseringsrike att använda"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Ange minsta SSF för LDAP-sasl-auktorisering"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr "Kerberostjänstens nyckeltabell"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr "Avnänd Kerberosautenticering för LDAP-anslutning"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr "Följer LDAP-hänvisningar"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr "Livslängd på TGT för LDAP-anslutning"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr "Hur alias skall derefereras"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr "Tjänstenamn för uppslagning av DNS-tjänster"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr "Antalet poster som skall hämtas i en enda LDAP-fråga"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"Antalet medlemmar som måste saknas för att orsaka en fullständig dereferering"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -782,369 +822,378 @@ msgstr ""
"Huruvida LDAP-biblioteket skall utföra en omvänd uppslagning för att ta fram "
"värdnamnets kanoniska form under en SASL-bindning"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr "entryUSN-attribut"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr "lastUSN-attribut"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
"Hur länge en anslutning till LDAP-servern skall behållas före den kopplas ner"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr "Avaktivera flödesstyrningen (paging) av LDAP"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr "Avaktivera Active Directorys intervallhämtande"
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr "Tidslängd att vänta på en sökbegäran"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr "Tidslängd att vänta på en uppräkningsbegäran"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr "Tidslängd mellan uppräkningsuppdateringar"
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr "Tidslängd mellan cache-tömningar"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "Kräv TLS för ID-uppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr "Använd ID-översättning av objectSID istället för pre-set ID:n"
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr "Bas-DN för användaruppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr "Omfång av användaruppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr "Filter för användaruppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr "Objektklass för användare"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "UID-attribut"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr "Primärt GID-attribut"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "GECOS-attribut"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr "Hemkatalogattribut"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "Skalattribut"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr "objectSID-attribut"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr "Primärt gruppattribut i Active Directory för ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr "Användarens huvudmansattribut (för Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Fullständigt namn"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "medlemAv-attribut"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr "Modifieringstidsattribut"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr "attributet shadowLastChange"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr "shadowMin-attribut"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr "shadowMax-attribut"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr "shadowWarning-attribut"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr "shadowInactive-attribut"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr "shadowExpire-attribut"
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr "shadowFlag-attribut"
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr "Attribut för listning av auktoriserade PAM-tjänster"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr "Attribut för listning av auktoriserade servervärdar"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr "attributet krbLastPwdChange"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr "krbPasswordExpiration-attribut"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr "Attribut som indikerar att serversidans lösenordspolicyer är aktiva"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr "AD:s attribut accountExpires"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr "AD:s attribut userAccountControl"
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr "attributet nsAccountLock"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr "NDS attribut loginDisabled"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr "NDS attribut loginExpirationTime"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "NDS attribut loginAllowedTimeMap"
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr "Attribut för publik SSH-nyckel"
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr "En lista över extra attribut att hämta tillsammans med användarposten"
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr "Bas-DN för gruppuppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr "Objektklass för grupper"
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr "Gruppnamn"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr "Grupplösenord"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr "GID-attribut"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr "Gruppmedlemsattribut"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr "Modifieringstidsattribut för grupper"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr "Typen av grupp och andra flaggor"
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+#, fuzzy
+msgid "The LDAP group external member attribute"
+msgstr "Attribut på nätgruppmedlemmar"
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr "Maximal nästningsnivå SSSd kommer följa"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr "Bas-DN för nätgruppuppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr "Objektklass för nätgrupper"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr "Nätgruppnamn"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr "Attribut på nätgruppmedlemmar"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr "Attribut på nätgruppstripplar"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr "Modifieringstidsattribut för nätgrupper"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr "Bas-DN för tjänsteuppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr "Objektklass för tjänster"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr "Tjänstenamnsattribut"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr "Tjänsteportsattribut"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr "Tjänsteprotokollsattribut"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr "Undre gräns för ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr "Övre gräns för ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr "Antal ID:n till varje skiva vid ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr "Använd en autorid-kompatibel algoritm för ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr "Standarddomänens namn för ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr "Standarddomänens SID för ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "Använd LDAP_MATCHING_RULE_IN_CHAIN för gruppuppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr "Använd LDAP_MATCHING_RULE_IN_CHAIN för init-gruppuppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr "Huruvida Token-Groups skall användas"
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr "Sätt undre gräns för tillåtna ID:n från LDAP-servern"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr "Sätt övre gräns för tillåtna ID:n från LDAP-servern"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr "Policy för att utvärdera utgång av lösenord"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr "Vilka attribut skall användas för att avgöra om ett konto gått ut"
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr "Vilka regler skall användas för att avgöra åtkomstkontroll"
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr "URI till en LDAP-server där lösenordsändringar är tillåtna"
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr "URI till en reserv-LDAP-server där lösenordsändringar är tillåtna"
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr "DNS-tjänstenamn för LDAP-lösenordsändringsservern"
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
@@ -1152,24 +1201,24 @@ msgstr ""
"Huruvida attributet ldap_user_shadow_last_change skall uppdateras efter en "
"ändring av lösenord"
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr "Bas-DN för regeluppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr "Intervall mellan automatisk fullständig omläsning"
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr "Intervall mellan automatisk smart omläsning"
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
"Huruvida regler skall filtreras efter värdnamn, IP-adresser och nätverk"
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -1177,244 +1226,240 @@ msgstr ""
"Värdnamn och/eller fullständigt kvalificerade domännamn på denna maskin för "
"att filtrera sudo-regler"
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"IPv4- eller IPv6-adresser eller -nätverk för denna maskin för att filtrera "
"sudo-regler"
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
"Huruvida regler som innehåller nätgrupper i värdattribut skall inkluderas"
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
"Huruvida regler som innehåller reguljära uttryck i värdattribut skall "
"inkluderas"
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr "Objektklass för sudo-regler"
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr "Sudo-regelnamn"
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr "Attribut för sudo-regelkommandon"
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr "Attribut för sudo-regelvärd"
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr "Attribut för sudo-regelanvändare"
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr "Attribut för sudo-regelflaggor"
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr "Attribut för sudo-runasuser"
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr "Attribut på runasgroup i sudo-regel"
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr "Attribut för sudo-notbefore-regler"
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr "Attribut för sudo-notafter-regler"
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr "Attribut för sudo-order-regler"
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr "Objektklass för automatmonteraravbildningar"
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr "Attribut för automatmonteraravbildningsnamn"
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr "Objektklass för poster i automatmonteraravbildningar"
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr "Attribut för postnycklar i automatmonteraravbildningar"
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr "Attribut på postvärde i avbildning för automatmonteraren"
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr "Bas-DN för uppslagningar i automatmonteraravbildningar"
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "Kommaseparerad lista över tillåtna användare"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "Kommaseparerad lista över förbjudna användare"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Standardskal, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr "Bas för hemkataloger"
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr "Namnet på NSS-biblioteket att använda"
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr "Huruvida kanoniska gruppnamn skall slås upp från cachen om möjligt"
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr "PAM-stack att använda"
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "Bli en demon (standard)"
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "Kör interaktivt (inte en demon)"
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Ange en konfigurationsfil annan än standard"
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr "Skriv ut versionsnumret och avsluta"
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "Felsökningsnivå"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "Lägg till felsökningstidstämplar"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr "Visa tidsstämplar med mikrosekunder"
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr "Ett öppet filhandtag för felsökningsloggarna"
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr "Domän för informationsleverantören (obligatoriskt)"
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr "Priviligierat uttag (socket) har fel ägarskap eller rättigheter."
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr "Publikt uttag (socket) har fel ägarskap eller rättigheter."
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr "Oväntat format på serverns kreditivmeddelande."
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr "SSSD körs inte av root."
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr "Ett fel uppstod, men ingen beskrivning kan hittas."
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr "Oväntat fel vid sökning efter ett felmeddelande"
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Servermeddelande: "
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Lösenorden stämmer inte överens"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr "Återställning av lösenord av root stöds inte."
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr "Autentiserad med cachade kreditiv"
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ", ditt cache-lösenord kommer gå ut: "
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr "Ditt lösenord har gått ut. Du har en frist på %1$d inloggningar kvar."
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr "Ditt lösenordet kommer gå ut om %1$d %2$s."
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr "Autentisering nekas till: "
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "Systemet är frånkopplat, ändring av lösenord är inte möjligt"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
@@ -1422,35 +1467,35 @@ msgstr ""
"Efter att ha ändrat OTP-lösenordet behöver du logga ut och tillbaka in för "
"att få en biljett"
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Lösenordsändringen misslyckades. "
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Nytt lösenord: "
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Skriv det nya lösenordet igen: "
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Lösenord: "
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Nuvarande lösenord: "
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "Lösenordet har gått ut. Ändra ditt lösenord nu."
@@ -1459,7 +1504,7 @@ msgstr "Lösenordet har gått ut. Ändra ditt lösenord nu."
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Felsökningsnivån att köra med"
@@ -1472,7 +1517,7 @@ msgstr "SSSD-domäner att använda"
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr "Fel när lokalen sattes\n"
@@ -1930,81 +1975,92 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Transaktionsfel. Det gick inte att ändra användaren.\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr "Inga cache-objekt matchade den angivna sökningen\n"
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
-msgstr "Invalidera alla cachade poster utom sudo-regler"
+#: src/tools/sss_cache.c:644
+#, fuzzy
+msgid "Invalidate all cached entries"
+msgstr "Invalidera alla tjänster"
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr "Invalidera en viss användare"
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr "Invalidera alla användare"
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr "Invalidera en viss grupp"
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr "Invalidera alla grupper"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr "Invalidera en viss nätgrupp"
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr "Invalidera alla nätgrupper"
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr "Invalidera en viss tjänst"
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr "Invalidera alla tjänster"
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr "Invalidera en viss autofs-mapp"
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr "Invalidera alla autofs-mappar"
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+#, fuzzy
+msgid "Invalidate particular sudo rule"
+msgstr "Invalidera en viss användare"
+
+#: src/tools/sss_cache.c:677
+#, fuzzy
+msgid "Invalidate all cached sudo rules"
+msgstr "Invalidera alla cachade poster utom sudo-regler"
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr "Invalidera endast poster från en viss domän"
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr "Välj åtminstone ett objekt att invalidera\n"
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
@@ -2013,7 +2069,7 @@ msgstr ""
"Kunde inte öppna domänen %1$s. Om domänen är en underdomän (betrodd domän), "
"använd fullt kvalificerat namn istället för parametrarna --domain/-d.\n"
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr "Kunde inte öppna tillgängliga domäner\n"
@@ -2036,7 +2092,7 @@ msgstr ""
"Namnet ”%1$s” verkar inte vara ett fullt kvalificerad domännamn (”%2$s = "
"TRUE” är satt)\n"
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Slut på minne\n"
@@ -2045,14 +2101,13 @@ msgstr "Slut på minne\n"
msgid "%1$s must be run as root\n"
msgstr "%1$s måste köras som root\n"
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr "Skicka felutskrifter till filer istället för standard fel"
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
+
+#~ msgid "Send the debug output to files instead of stderr"
+#~ msgstr "Skicka felutskrifter till filer istället för standard fel"
diff --git a/po/tg.po b/po/tg.po
index 0c99f1281..4fa705408 100644
--- a/po/tg.po
+++ b/po/tg.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/"
@@ -17,1400 +17,1442 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+msgid "Tune certificate verification"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+msgid "Files negative cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
msgid "Path to storage of trusted CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr "Номи гурӯҳ"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr "Пароли гурӯҳ"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr "Аттрибути GID"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+msgid "The LDAP group external member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Паролҳо номувофиқанд"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Пароли нав:"
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Парол:"
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr ""
@@ -1419,7 +1461,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1432,7 +1474,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr ""
@@ -1862,88 +1904,96 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
+#: src/tools/sss_cache.c:644
+msgid "Invalidate all cached entries"
msgstr ""
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+msgid "Invalidate particular sudo rule"
+msgstr ""
+
+#: src/tools/sss_cache.c:677
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -1964,7 +2014,7 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Берун аз хотира\n"
@@ -1973,14 +2023,10 @@ msgstr "Берун аз хотира\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr ""
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
diff --git a/po/tr.po b/po/tr.po
index 5621c4093..d642c4d94 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Turkish (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,1400 +18,1442 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "Servis başlatma komutu"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+msgid "Tune certificate verification"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+msgid "Files negative cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
msgid "Path to storage of trusted CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "En az kullanıcı ID'si"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "En fazla kullanıcı ID'si"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "IPA alanı"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Kerberos sunucu adresi"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+msgid "The LDAP group external member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr ""
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr ""
@@ -1420,7 +1462,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1433,7 +1475,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr ""
@@ -1863,88 +1905,96 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
+#: src/tools/sss_cache.c:644
+msgid "Invalidate all cached entries"
msgstr ""
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+msgid "Invalidate particular sudo rule"
+msgstr ""
+
+#: src/tools/sss_cache.c:677
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -1965,7 +2015,7 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr ""
@@ -1974,14 +2024,10 @@ msgstr ""
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr ""
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
diff --git a/po/uk.po b/po/uk.po
index 2cac627f3..8854d5339 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -11,7 +11,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2015-06-24 09:50-0400\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/"
@@ -22,73 +22,78 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "Встановити рівень докладності діагностичних записів журналу"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "Додати до діагностичних журналів позначки часу"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr "Включати мілісекунди до часових позначок у журналах"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "Записувати діагностичні повідомлення до файлів журналу"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr "Час очікування відповіді на пінг перед перезапуском служби"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
"Час очікуванням між трьома послідовними невдалими спробами перевірки луна-"
"імпульсом і примусовим завершенням роботи служби"
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "Команда запуску служби"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr "Кількість повторних спроб встановлення з’єднання з надавачами даних"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr "Кількість дескрипторів файлів, які може бути відкрито цим відповідачем"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
"Проміжок бездіяльності до автоматичного від’єднання клієнтської частини"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "Служби SSSD, які слід запустити"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "Домени SSSD, які слід запустити"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr "Час очікування для повідомлень, надісланих за допомогою SBUS"
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr "Формальний вираз для обробки імені користувача і домену"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Сумісний з printf формат показу повних назв"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -96,70 +101,80 @@ msgstr ""
"Каталог у файловій системі, де SSSD має зберігати файли кешу відтворення "
"Kerberos."
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr "Домен, який слід додати до назв без компонента домену."
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr "Користувач, привілеї якого слід скинути"
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "Потрібна перевірка сертифіката TLS"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr "Тривалість часу очікування на дані кешу нумерування (у секундах)"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr "Час очікування на фонове оновлення кешу записів (у секундах)"
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr "Від’ємний час очікування на дані з кешу (у секундах)"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+#, fuzzy
+msgid "Files negative cache timeout length (seconds)"
+msgstr "Від’ємний час очікування на дані з кешу (у секундах)"
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "Користувачі, яких SSSD має явно ігнорувати"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "Групи користувачів, які SSSD має явно ігнорувати"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "Чи слід показувати відфільтрованих користувачів у групах"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr "Значення поля пароля, яке має повертати постачальник даних NSS"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
"Замінити значення назви домашнього каталогу від надавача профілю цим "
"значенням"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
"Замінювати порожні значення домашніх каталогів у засобі надання даних "
"профілів цим значенням"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr "Замінити значення оболонки від надавача профілю цим значенням"
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr "Список оболонок, за допомогою яких можуть входити користувачі"
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr "Список оболонок, які буде заборонено і замінено резервною оболонкою"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -167,30 +182,30 @@ msgstr ""
"Якщо оболонка, що зберігається у центральному каталозі дозволена, але "
"недоступна, використовувати цю резервну"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr "Оболонка, яку слід використовувати, якщо засіб не надає жодної"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr "Строк дії записів кешу у пам’яті"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
"Усі пробіли у назвах груп і іменах користувачів буде замінено на цей символ"
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Тривалість зберігання кешованих реєстраційних даних між входами до системи "
"(у днях)"
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr "Макс. дозволена кількість помилкових спроб входу у автономному режимі"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -198,56 +213,71 @@ msgstr ""
"Тривалість (у хвилинах) заборони входу після досягнення значення "
"offline_failed_login_attempts"
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr "Тип повідомлень, які буде показано користувачеві під час розпізнавання"
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Тривалість (у секундах) зберігання даних щодо розпізнавання у кеші для "
"запитів PAM"
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
"Визначає кількість днів між днем, коли має бути показано попередження, і "
"днем, коли завершиться строк дії пароля"
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr "Список надійних UUID або імен користувачів"
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
"Список доменів, доступ до яких відкрито навіть для ненадійних користувачів."
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
"Повідомлення, яке буде виведено, коли строк дії облікового запису "
"користувача буде завершено."
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+#, fuzzy
+msgid "Message printed when user account is locked."
+msgstr ""
+"Повідомлення, яке буде виведено, коли строк дії облікового запису "
+"користувача буде завершено."
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
"Визначає, чи слід обробляти атрибути правил sudo, пов’язані з часовими "
"обмеженнями"
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr "Чи слід хешувати назви та адреси вузлів у файлі known_hosts"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
@@ -255,317 +285,321 @@ msgstr ""
"Кількість секунд, протягом яких запису вузла зберігатиметься у файлі "
"known_hosts після надсилання запиту щодо ключів вузла"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
#, fuzzy
msgid "Path to storage of trusted CA certificates"
msgstr "Файл, що містить сертифікати CA"
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
"Список унікальних ідентифікаторів (UID) або імен користувачів, яким надано "
"доступ до відповідача PAC"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
"Список унікальних ідентифікаторів (UID) або імен користувачів, яким надано "
"доступ до відповідача InfoPipe"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr "Список атрибутів запису користувача, які може оприлюднювати InfoPipe"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "Служба профілів"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "Служба розпізнавання"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "Служба керування доступом"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "Служба зміни паролів"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr "Служба SUDO"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr "Служба автоматизації файлових систем"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr "Служба завантаження сеансів"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr "Служба профілів вузлів"
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "Мін. ідентифікатор користувача"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "Макс. ідентифікатор користувача"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr "Увімкнути нумерацію всіх користувачів/груп"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "Кешувати реєстраційні дані для автономного входу"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "Зберігати хеші паролів"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr "Показувати записи користувачів/груп повністю"
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr "Не включати учасників групи у пошуки групи"
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr "Тривалість кешування записів (у секундах)"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Обмежити або надавати перевагу певному сімейству адрес під час виконання "
"пошуків DNS"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Тривалість зберігання кешованих записів після останнього успішного входу (у "
"днях)"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Тривалість очікування на відповідь від DNS під час визначення адрес серверів "
"(у секундах)"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr "Частина запиту щодо виявлення служби DNS, пов’язана з доменом"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
"Замінити значення ідентифікатора групи від надавача профілю цим значенням"
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr "Враховувати регістр у іменах користувачів"
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr "Наскільки часто має виконувати оновлення у тлі застарілих записів"
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr "Визначає, чи слід автоматично оновлювати запис DNS клієнта"
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
"TTL, який слід застосовувати до запису DNS клієнта після його оновлення"
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"Інтерфейс, чию адресу IP має бути використано для динамічних оновлень DNS"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr "Визначає, наскільки часто слід періодично оновлювати запис DNS клієнта"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
"Визначає, чи слід надавачу даних також явним чином оновлювати запис PTR"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr "Визначає, чи слід програмі nsupdate типово використовувати TCP"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
"Визначає тип розпізнавання, який слід використовувати для виконання "
"оновлення DNS"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
#, fuzzy
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
"Визначає тип розпізнавання, який слід використовувати для виконання "
"оновлення DNS"
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr "Керувати нумерацією надійних доменів"
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr "Частота оновлення списку піддоменів"
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr "Список параметрів, які має бути успадковано у піддомені"
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "Домен IPA"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "Адреса сервера IPA"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr "Адреса резервного сервера IPA"
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "Назва вузла клієнта IPA"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Визначає, чи слід автоматично оновлювати запис DNS клієнтського вузла у "
"FreeIPA"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr "Шукати у базі об’єкти, пов’язані з HBAC"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
"Інтервал часу між послідовними сеансами пошуку правил HBAC на сервері IPA"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr "Час, у секундах, між пошуками у картах SELinux на сервері IPA"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Якщо встановлено значення «false», аргумент вузла, наданий PAM, буде "
"проігноровано"
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr "Адреса автоматичного монтування, яку використовує цей клієнт IPA"
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr "Шукати у базі об’єкт, що містить дані щодо домену IPA"
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr "Шукати у базі об’єкти, що містять дані щодо діапазонів ідентифікаторів"
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr "Увімкнути сайти DNS — визначення служб на основі адрес"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr "Шукати у базі контейнери перегляду"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr "Клас об’єктів для контейнерів перегляду"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr "Атрибут із назвою перегляду"
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr "Клас об’єктів для об’єктів перевизначення"
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr "Атрибут із посиланням на початковий об’єкт"
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr "Клас об’єктів для об’єктів перевизначення користувачів"
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr "Клас об’єктів для об’єктів перевизначення груп"
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr "Домен Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr "Адреса сервера Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr "Адреса резервного сервера Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr "Назва клієнтського вузла Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr "Фільтр LDAP для визначення прав доступу"
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr "Чи слід використовувати загальний каталог для пошуку"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr "Режим роботи для керування доступом на основі GPO"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
"Інтервал часу між послідовними сеансами пошуку правил GPO на сервері AD"
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
@@ -573,7 +607,7 @@ msgstr ""
"Назви служб PAM, які виконують прив’язування до параметрів правил GPO "
"(Deny)InteractiveLogonRight"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
@@ -581,252 +615,261 @@ msgstr ""
"Назви служб PAM, які виконують прив’язування до параметрів правил GPO "
"(Deny)RemoteInteractiveLogonRight"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
"Назви служб PAM, які виконують прив’язування до параметрів правил GPO "
"(Deny)NetworkLogonRight"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
"Назви служб PAM, які виконують прив’язування до параметрів правил GPO "
"(Deny)BatchLogonRight"
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
"Назви служб PAM, які виконують прив’язування до параметрів правил GPO "
"(Deny)ServiceLogonRight"
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr "Назви служб PAM, яким завжди надається доступ на основі GPO"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr "Назви служб PAM, яким ніколи не надається доступ на основі GPO"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
"Типове правило входу (або допуск/заборона), яким слід користуватися для "
"неприв’язаних назв служб PAM"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr "певний сайт, який слід використовувати клієнту"
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Адреса сервера Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr "Адреса резервного сервера Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr "Область Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "Час очікування на розпізнавання"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr "Визначає, чи слід створювати файли kdcinfo"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr "Місце, куди слід скидати фрагменти налаштувань krb5"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr "Каталог, де зберігатиметься кеш реєстраційних даних"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr "Адреса кешу реєстраційних даних користувача"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "Адреса таблиці ключів для перевірки реєстраційних даних"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr "Увімкнути перевірку реєстраційних даних"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr "Зберігати пароль у автономному режимі для розпізнавання у мережі"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr "Поновлюваний строк дії TGT"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr "Строк дії TGT"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr "Граничний час між двома перевірками для поновлення"
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr "Вмикає FAST"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr "Визначає реєстраційний запис, який слід використовувати для FAST"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr "Вмикає перетворення реєстраційних записів у канонічну форму"
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr "Увімкнути промислові реєстраційні дані"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr "Прив’язка імен користувачів до основних імен kerberos"
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться "
"виявити у KDC"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, адреса URI сервера LDAP"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, адреса сервера LDAP"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr "Типова базова назва домену"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Тип схеми, використаний на сервері LDAP, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr "Типова назва домену прив’язки"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr "Тип розпізнавання для типової назви сервера прив’язки"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr "Лексема розпізнавання типової назви сервера прив’язки"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr "Проміжок часу між спробами встановлення з’єднання"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Проміжок часу між повторними спробами встановлення з’єднання у автономному "
"режимі"
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr "Використовувати для назв областей лише великі літери"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr "Файл, що містить сертифікати CA"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr "Шлях до каталогу сертифікатів CA"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr "Файл, що містить клієнтський сертифікат"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr "Файл, що містить клієнтський ключ"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr "Показати список можливих інструментів шифрування"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "Потрібна перевірка сертифіката TLS"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "Вкажіть механізм SASL, який слід використовувати"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr "Вкажіть область уповноваження SASL, яку слід використовувати"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
"Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr "Таблиця ключів служби Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr "Розпізнавання Kerberos для з’єднання LDAP"
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr "Переходити за посиланнями LDAP"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr "Строк дії TGT для з’єднання LDAP"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr "Спосіб розіменування псевдонімів"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr "Назва служби для пошуків за допомогою служби DNS"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr "Кількість записів, які слід отримувати у відповідь на один запит LDAP"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"Кількість учасників, яких має не вистачати для вмикання повного скасування "
"посилань"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -834,382 +877,391 @@ msgstr ""
"Визначає, чи має бібліотека LDAP виконувати зворотній пошук з метою "
"переведення назв вузлів у канонічну форму під час прив’язки до SASL"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr "Атрибут entryUSN"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr "Атрибут lastUSN"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr "Тривалість підтримування з’єднання з сервером LDAP перед роз’єднанням"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr "Вимкнути контроль сторінок у LDAP"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr "Вимкнути отримання діапазонів Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr "Тривалість очікування на дані запиту пошуку"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr "Тривалість очікування на дані запиту щодо переліку"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr "Проміжок часу між оновленнями нумерації"
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr "Проміжок часу між спорожненнями кешу"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr "Вимагати TLS для пошуків ідентифікаторів"
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
"Використовувати відповідності ідентифікаторів objectSID замість попередньо "
"встановлених ідентифікаторів"
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr "Базова назва домену для пошуків користувачів"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr "Діапазон пошуків користувачів"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr "Фільтр пошуку користувачів"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr "Клас об’єктів для користувачів"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr "Атрибут імені користувача"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr "Атрибут UID"
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr "Головний атрибут GID"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr "Атрибут GECOS"
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr "Атрибут домашнього каталогу"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr "Атрибут оболонки"
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr "Атрибут UUID"
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr "Атрибут objectSID"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
"Атрибут основної групи Active Directory для встановлення відповідності "
"ідентифікатора"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr "Атрибут реєстраційного запису користувача (для Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "Повне ім'я"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr "Атрибут часу зміни"
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr "Атрибут shadowLastChange"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr "Атрибут shadowMin"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr "Атрибут shadowMax"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr "Атрибут shadowWarning"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr "Атрибут shadowInactive"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr "Атрибут shadowExpire"
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr "Атрибут shadowFlag"
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr "Атрибути зі списком уповноважених служб PAM"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr "Атрибути зі списком уповноважених серверних вузлів"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr "Атрибут krbLastPwdChange"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr "Атрибут krbPasswordExpiration"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
"Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr "Атрибут accountExpires AD"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr "Атрибут userAccountControl AD"
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr "Атрибут nsAccountLock"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr "Атрибут loginDisabled NDS"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr "Атрибут loginExpirationTime NDS"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "Атрибут loginAllowedTimeMap NDS"
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr "Атрибут відкритого ключа SSH"
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr "атрибут зі списком дозволених типів розпізнавання для користувача"
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr "атрибут, що містить сертифікат X509 користувача"
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
"Список додаткових атрибутів, які слід отримувати разом із записом користувача"
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr "Базова назва домену для пошуків груп"
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr "Клас об’єктів для груп"
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr "Назва групи"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr "Пароль групи"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr "Атрибут GID"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr "Атрибут членства у групі"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr "Атрибут UUID групи"
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr "Атрибут часу зміни для груп"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr "Тип групи та інші прапорці"
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+#, fuzzy
+msgid "The LDAP group external member attribute"
+msgstr "Атрибут членства у групах у мережі"
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr "Базова назва домену для пошуків груп у мережі"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr "Клас об’єктів для груп у мережі"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr "Назва мережевої групи"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr "Атрибут членства у групах у мережі"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr "Атрибут трійки груп у мережі"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr "Атрибут часу зміни для мережевих груп"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr "Базова сервер назв домену для пошуку служб"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr "Клас об’єктів для служб"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr "Атрибут назви служби"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr "Атрибут порту служби"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr "Атрибут протоколу служби"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr "Нижня межа встановлення відповідності ідентифікатора"
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr "Верхня межа встановлення відповідності ідентифікатора"
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
"Кількість ідентифікаторів для кожного зрізу під час встановлення "
"відповідності ідентифікаторів"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
"Використовувати для встановлення відповідності ідентифікаторів алгоритм, "
"сумісний з autorid"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr "Назва типового домену для встановлення відповідності ідентифікаторів"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr "SID типового домену для встановлення відповідності ідентифікаторів"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "Використовувати LDAP_MATCHING_RULE_IN_CHAIN щодо пошуків груп (group)"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
"Використовувати LDAP_MATCHING_RULE_IN_CHAIN щодо пошуків початкових груп "
"(initgroup)"
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr "Визначає, чи слід використовувати крупи реєстраційних записів"
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr "Встановити нижню межу для дозволених ідентифікаторів із сервера LDAP"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr "Встановити верхню межу для дозволених ідентифікаторів із сервера LDAP"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr "DN для запитів щодо ppolicy"
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr "Правила оцінки завершення строку дії пароля"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
"Атрибути які слід використовувати для визначення чинності облікового запису"
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
"Правила, які має бути використано для визначення достатності прав доступу"
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів"
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr "Адреса резервного сервера LDAP, для якої можливі зміни паролів"
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr "Назва у службі DNS сервера зміни паролів LDAP"
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
@@ -1217,25 +1269,25 @@ msgstr ""
"Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change після "
"зміни пароля"
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr "Базова назва домену для пошуків правил sudo"
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr "Період автоматичного повного оновлення даних"
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr "Період автоматичного кмітливого оновлення даних"
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
"Визначає, чи слід фільтрувати правила за назвами вузлів, IP-адресами та "
"мережами"
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -1243,248 +1295,244 @@ msgstr ""
"Назви вузлів і/або повні назви у домені для цього комп’ютера для "
"фільтрування списку правил sudo"
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"Адреси IPv4 або IPv6 чи мережа цього комп’ютера для фільтрування списку "
"правил sudo"
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
"Визначає, чи слід включати правила, що містять мережеву групу у атрибуті "
"вузла"
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
"Визначає, чи слід включати правила, що містять формальний вираз у атрибуті "
"вузла"
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr "Клас об’єктів для правил sudo"
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr "Назва правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr "Атрибут команди правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr "Атрибут вузла правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr "Атрибут користувача правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr "Атрибут параметрів правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr "Атрибут runas правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
"Атрибут користувача, від імені якого виконуватиметься запуск, правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr "Атрибут групи, від імені якої виконуватиметься запуск, правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr "Атрибут граничного часу початку дії правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr "Атрибут граничного часу завершення дії правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr "Атрибут порядку правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr "Клас об’єктів для карт автоматичного монтування"
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr "Атрибут назви карти автоматичного монтування"
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr "Клас об’єктів для записів карт автоматичного монтування"
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr "Атрибут ключа запису карти автоматичного монтування"
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr "Атрибут значення запису карти автоматичного монтування"
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr "Базовий сервер назв домену для пошуків карти автоматичного монтування"
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "Відокремлений комами список дозволених користувачів"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "Відокремлений комами список заборонених користувачів"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "Типова оболонка, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr "Базова адреса домашніх каталогів"
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr "Назва бібліотеки NSS, яку слід використовувати"
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
"Визначає, чи слід виконувати пошук канонічної назви групи у кеші, якщо це "
"можливо"
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr "Стек PAM, який слід використовувати"
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "Запуститися фонову службу (типова поведінка)"
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "Запустити у інтерактивному режимі (без фонової служби)"
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Вказати нетиповий файл налаштувань"
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr "Вивести номер версії і завершити роботу"
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "Рівень зневаджування"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "Додавати діагностичні часові позначки"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr "Показувати мікросекунди у часових позначках"
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr "Дескриптор відкритого файла для запису журналів діагностики"
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr "Надіслати діагностичну інформацію безпосередньо до stderr."
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr "Користувач, від імені якого слід створити ccache FAST"
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr "Група, від імені якої слід створити ccache FAST"
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr "Домен надання відомостей (обов’язковий)"
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr "У привілейованого сокета помилковий власник або права доступу."
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr "У відкритого сокета помилковий власник або права доступу."
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr "Некоректний формат повідомлення щодо реєстраційних даних сервера."
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr "SSSD запущено не від імені користувача root."
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr "Сталася помилка, але не вдалося знайти її опису."
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr "Неочікувана помилка під час пошуку опису помилки"
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr "Відмовлено у доступі. "
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "Повідомлення сервера: "
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "Паролі не збігаються"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr "Підтримки скидання пароля користувачем root не передбачено."
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr "Розпізнано за реєстраційними даними з кешу"
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ", строк дії вашого кешованого пароля завершиться: "
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr "Строк дії вашого пароля вичерпано. Залишилося %1$d резервних входи."
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr "Строк дії вашого пароля завершиться за %1$d %2$s."
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr "Розпізнавання заборонено до: "
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "Система працює у автономному режимі, зміна пароля неможлива"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
@@ -1492,35 +1540,35 @@ msgstr ""
"Після зміни пароля OTP вам слід вийти із системи і увійти до неї знову, щоб "
"отримати про квиток"
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "Спроба зміни пароля зазнала невдачі. "
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "Новий пароль: "
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "Ще раз введіть новий пароль: "
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr "Перший фактор:"
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr "Другий фактор:"
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "Пароль: "
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "Поточний пароль: "
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "Строк дії пароля вичерпано. Змініть ваш пароль."
@@ -1529,7 +1577,7 @@ msgstr "Строк дії пароля вичерпано. Змініть ваш
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Рівень діагностики під час запуску"
@@ -1542,7 +1590,7 @@ msgstr "Домен SSSD, який слід використовувати"
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr "Помилка під час спроби встановити локаль\n"
@@ -2011,82 +2059,93 @@ msgid "Transaction error. Could not modify user.\n"
msgstr ""
"Помилка під час виконання операції. Не вдалося змінити запис користувача.\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr "Вказаному критерію пошуку не відповідає жоден об’єкт у кеші\n"
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr "Не вдалося скасувати чинність %1$s\n"
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr "Не вдалося скасувати чинність %1$s %2$s\n"
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
-msgstr "Скасувати чинність усіх кешованих записів, окрім правил sudo"
+#: src/tools/sss_cache.c:644
+#, fuzzy
+msgid "Invalidate all cached entries"
+msgstr "Скасувати визначення всіх служб"
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr "Скасувати визначення певного користувача"
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr "Скасувати визначення всіх користувачів"
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr "Скасувати визначення певної групи"
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr "Скасувати визначення всіх груп"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr "Скасувати визначення певної мережевої групи"
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr "Скасувати визначення всіх мережевих груп"
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr "Скасувати визначення певної служби"
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr "Скасувати визначення всіх служб"
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr "Скасувати визначення певну карту autofs"
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr "Скасувати визначення всіх карт autofs"
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr "Скасувати чинність певного вузла SSH"
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr "Скасувати чинність усіх вузлів SSH"
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+#, fuzzy
+msgid "Invalidate particular sudo rule"
+msgstr "Скасувати визначення певного користувача"
+
+#: src/tools/sss_cache.c:677
+#, fuzzy
+msgid "Invalidate all cached sudo rules"
+msgstr "Скасувати чинність усіх кешованих записів, окрім правил sudo"
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr "Скасувати визначення лише записів з певного домену"
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
"Будь ласка, виберіть принаймні один об’єкт для скасовування відповідності\n"
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
@@ -2095,7 +2154,7 @@ msgstr ""
"Не вдалося відкрити домен %1$s. Якщо цей домен є піддоменом (довіреним "
"доменом), скористайтеся повною назвою замість параметра --domain/-d.\n"
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr "Не вдалося відкрити доступні домени\n"
@@ -2116,7 +2175,7 @@ msgstr "Мало бути вказано лише один аргумент\n"
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr "Здається, назва «%1$s» не є FQDN (встановлено «%2$s = TRUE»)\n"
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "Не вистачає пам'яті\n"
@@ -2125,14 +2184,13 @@ msgstr "Не вистачає пам'яті\n"
msgid "%1$s must be run as root\n"
msgstr "%1$s слід запускати від імені користувача root\n"
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr "Надіслати діагностичні дані до файлів, а не до stderr"
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr "Ідентифікатор користувача, від імені якого слід запустити сервер"
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr "Ідентифікатор групи, від імені якої слід запустити сервер"
+
+#~ msgid "Send the debug output to files instead of stderr"
+#~ msgstr "Надіслати діагностичні дані до файлів, а не до stderr"
diff --git a/po/zh_CN.po b/po/zh_CN.po
index c12c2337c..e89227217 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
@@ -18,1400 +18,1442 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr "设定调试日志记录等级"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "在调试日志中包含时间戳"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "写入调试信息到日志文件"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "启动服务命令"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+msgid "Tune certificate verification"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+msgid "Files negative cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
msgid "Path to storage of trusted CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr "保存密码哈希值"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "IPA 服务器地址"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr "IPA 备份服务器地址"
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Kerberos 服务器地址"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "验证超时"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+msgid "The LDAP group external member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr ""
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr ""
@@ -1420,7 +1462,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1433,7 +1475,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr ""
@@ -1863,88 +1905,96 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
+#: src/tools/sss_cache.c:644
+msgid "Invalidate all cached entries"
msgstr ""
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+msgid "Invalidate particular sudo rule"
+msgstr ""
+
+#: src/tools/sss_cache.c:677
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -1965,7 +2015,7 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr ""
@@ -1974,14 +2024,10 @@ msgstr ""
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr ""
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
diff --git a/po/zh_TW.po b/po/zh_TW.po
index d2434b0ed..cc7c3e7a8 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2015-09-30 11:59+0200\n"
+"POT-Creation-Date: 2016-06-20 21:24+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/sssd/"
@@ -17,1400 +17,1443 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid "Include timestamps in debug logs"
msgstr "在除錯日誌內加入時間戳記"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Write debug messages to logfiles"
msgstr "將除錯訊息寫入日誌檔"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:49
+#: src/config/SSSDConfig/__init__.py.in:50
msgid "Command to start service"
msgstr "啟動服務的指令"
-#: src/config/SSSDConfig/__init__.py.in:50
+#: src/config/SSSDConfig/__init__.py.in:51
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:54
+msgid "The command to run when a service ping times out"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:57
msgid "SSSD Services to start"
msgstr "要啟動的 SSSD 服務"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "SSSD Domains to start"
msgstr "要啟動的 SSSD 網域"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:59
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:58
+#: src/config/SSSDConfig/__init__.py.in:60
msgid "Regex to parse username and domain"
msgstr "用來解析使用者名稱與網域的正規表示式"
-#: src/config/SSSDConfig/__init__.py.in:59
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:62
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:63
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
+#, fuzzy
+msgid "Tune certificate verification"
+msgstr "需要 TLS 憑證驗證"
+
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:69
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:71
+msgid "Files negative cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Users that SSSD should explicitly ignore"
msgstr "SSSD 應該明確忽略的使用者"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "Groups that SSSD should explicitly ignore"
msgstr "SSSD 應該明確忽略的群組"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Should filtered users appear in groups"
msgstr "過濾的使用者是否應該顯現在群組內"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:77
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:81
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "All spaces in group or user names will be replaced with this character"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:84
+#: src/config/SSSDConfig/__init__.py.in:88
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:89
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:87
+#: src/config/SSSDConfig/__init__.py.in:91
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of trusted uids or user's name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:90
+#: src/config/SSSDConfig/__init__.py.in:94
msgid "List of domains accessible even for untrusted users."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:95
msgid "Message printed when user account is expired."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:96
+msgid "Message printed when user account is locked."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:97
+msgid "Allow certificate based/Smartcard authentication."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:98
+msgid "Path to certificate databse with PKCS#11 modules."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "How many seconds will pam_sss wait for p11_child to finish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:110
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:111
msgid "Path to storage of trusted CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
+msgid "How long the PAC data is considered valid"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "Identity provider"
msgstr "身分提供者"
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "Authentication provider"
msgstr "認證提供者"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Access control provider"
msgstr "存取控制提供者"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Password change provider"
msgstr "密碼變更提供者"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Minimum user ID"
msgstr "最小的使用者 ID"
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Maximum user ID"
msgstr "最大的使用者 ID"
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Enable enumerating all users/groups"
msgstr "啟用所有使用者或群組的列舉"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "Cache credentials for offline login"
msgstr "供離線登入使用的快取憑證"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:138
#: src/config/SSSDConfig/__init__.py.in:139
-#: src/config/SSSDConfig/__init__.py.in:140
-#: src/config/SSSDConfig/__init__.py.in:141
-#: src/config/SSSDConfig/__init__.py.in:142
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Override the DNS server used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "How often should subdomains list be refreshed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "List of options that should be inherited into a subdomain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "How long can cached credentials be used for cached authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "IPA domain"
msgstr "IPA 網域"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "IPA server address"
msgstr "IPA 伺服器位址"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:170
msgid "IPA client hostname"
msgstr "IPA 客戶端主機名稱"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:175
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:176
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:195
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Search base for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Objectclass for view containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Attribute with the name of the view"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Objectclass for override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Attribute with the reference to the original object"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Objectclass for user override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Objectclass for group override objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:193
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:194
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:188
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Whether to use the Global Catalog for lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:198
msgid "Operation mode for GPO-based access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:199
msgid ""
"The amount of time between lookups of the GPO policy files against the AD "
"server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:200
msgid ""
"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
"settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:201
msgid ""
"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
"policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:202
msgid ""
"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:203
msgid ""
"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:204
msgid ""
"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "PAM service names for which GPO-based access is always granted"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "PAM service names for which GPO-based access is always denied"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:207
msgid ""
"Default logon right (or permit/deny) to use for unmapped PAM service names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "a particular site to be used by the client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:209
+msgid ""
+"Maximum age in days before the machine account password should be renewed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:210
+msgid "Option for tuing the machine account renewal task"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "Kerberos server address"
msgstr "Kerberos 伺服器位址"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Authentication timeout"
msgstr "認證逾時"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Where to drop krb5 config snippets"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Directory to store credential caches"
msgstr "儲存憑證快取的目錄"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Location of the user's credential cache"
msgstr "使用者憑證快取的位置"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "Location of the keytab to validate credentials"
msgstr "驗證憑證用的金鑰表格位置"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Enable credential validation"
msgstr "啟用憑證驗證"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:228
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:229
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:220
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:232
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:234
msgid "A mapping from user names to kerberos principal names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:238
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:250
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:241
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:257
msgid "Require TLS certificate verification"
msgstr "需要 TLS 憑證驗證"
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Specify the sasl mechanism to use"
msgstr "指定要使用的 sasl 機制"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "Specify the sasl authorization id to use"
msgstr "指定要使用的 sasl 認證 id"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:263
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:270
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "Length of time to wait for a search request"
msgstr "搜尋請求的等候時間長度"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:283
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:284
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:286
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:287
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:296
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:297
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:339
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Full Name"
msgstr "全名"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:307
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:302
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:313
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:314
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:310
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:321
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "attribute listing allowed authentication types for a user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:326
msgid "attribute containing the X509 certificate of the user"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "A list of extra attributes to download along with the user entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:330
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:323
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:334
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:335
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:330
+#: src/config/SSSDConfig/__init__.py.in:340
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:341
msgid "Type of the group and other flags"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:342
+msgid "The LDAP group external member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:361
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:362
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:366
+msgid "Number of secondary slices"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:369
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:370
msgid "Whether to use Token-Groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:359
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:373
msgid "DN for ppolicy queries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:374
msgid "How many maximum entries to fetch during a wildcard request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:377
msgid "Policy to evaluate the password expiration"
msgstr "評估密碼過期時效的策略"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:381
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:382
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:385
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:386
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:375
+#: src/config/SSSDConfig/__init__.py.in:387
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:376
+#: src/config/SSSDConfig/__init__.py.in:388
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:391
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:392
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:393
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:394
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:395
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:384
+#: src/config/SSSDConfig/__init__.py.in:396
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:397
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:398
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:399
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:400
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:401
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:390
+#: src/config/SSSDConfig/__init__.py.in:402
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:391
+#: src/config/SSSDConfig/__init__.py.in:403
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:404
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:405
msgid "Sudo rule runas attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:406
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:407
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:408
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:409
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:410
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:413
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:414
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:415
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:416
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:417
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:418
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:421
msgid "Comma separated list of allowed users"
msgstr "許可的使用者清單,請使用半形逗號作為分隔"
-#: src/config/SSSDConfig/__init__.py.in:410
+#: src/config/SSSDConfig/__init__.py.in:422
msgid "Comma separated list of prohibited users"
msgstr "被禁止的使用者清單,請使用半形逗號作為分隔"
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:425
msgid "Default shell, /bin/bash"
msgstr "預設 shell,/bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:426
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:429
msgid "The name of the NSS library to use"
msgstr "要使用的 NSS 函式庫名稱"
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:430
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:421
+#: src/config/SSSDConfig/__init__.py.in:433
msgid "PAM stack to use"
msgstr "要使用的 PAM 堆疊"
-#: src/monitor/monitor.c:2872
+#: src/monitor/monitor.c:3045
msgid "Become a daemon (default)"
msgstr "作為幕後程式 (預設)"
-#: src/monitor/monitor.c:2874
+#: src/monitor/monitor.c:3047
msgid "Run interactive (not a daemon)"
msgstr "以互動方式執行 (非幕後程式)"
-#: src/monitor/monitor.c:2876 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:3049 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "指定非預設的配置檔"
-#: src/monitor/monitor.c:2878
+#: src/monitor/monitor.c:3051
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2587 src/providers/ldap/ldap_child.c:590
-#: src/util/util.h:111
+#: src/providers/krb5/krb5_child.c:2617 src/providers/ldap/ldap_child.c:590
msgid "Debug level"
msgstr "除錯層級"
-#: src/providers/krb5/krb5_child.c:2589 src/providers/ldap/ldap_child.c:592
-#: src/util/util.h:117
+#: src/providers/krb5/krb5_child.c:2619 src/providers/ldap/ldap_child.c:592
msgid "Add debug timestamps"
msgstr "加入除錯時間戳記"
-#: src/providers/krb5/krb5_child.c:2591 src/providers/ldap/ldap_child.c:594
-#: src/util/util.h:119
+#: src/providers/krb5/krb5_child.c:2621 src/providers/ldap/ldap_child.c:594
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2593 src/providers/ldap/ldap_child.c:596
+#: src/providers/krb5/krb5_child.c:2623 src/providers/ldap/ldap_child.c:596
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:598
-#: src/util/util.h:115
+#: src/providers/krb5/krb5_child.c:2626 src/providers/ldap/ldap_child.c:598
msgid "Send the debug output to stderr directly."
msgstr ""
-#: src/providers/krb5/krb5_child.c:2598
+#: src/providers/krb5/krb5_child.c:2628
msgid "The user to create FAST ccache as"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2600
+#: src/providers/krb5/krb5_child.c:2630
msgid "The group to create FAST ccache as"
msgstr ""
-#: src/providers/data_provider_be.c:2923
+#: src/providers/data_provider_be.c:503
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:971
+#: src/sss_client/common.c:1015
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:974
+#: src/sss_client/common.c:1018
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:977
+#: src/sss_client/common.c:1021
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:980
+#: src/sss_client/common.c:1024
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:985
+#: src/sss_client/common.c:1029
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:991
+#: src/sss_client/common.c:1035
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:66
+#: src/sss_client/pam_sss.c:67
msgid "Permission denied. "
msgstr ""
-#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:734
-#: src/sss_client/pam_sss.c:745
+#: src/sss_client/pam_sss.c:68 src/sss_client/pam_sss.c:735
+#: src/sss_client/pam_sss.c:746
msgid "Server message: "
msgstr "伺服器訊息:"
-#: src/sss_client/pam_sss.c:252
+#: src/sss_client/pam_sss.c:253
msgid "Passwords do not match"
msgstr "密碼不相符"
-#: src/sss_client/pam_sss.c:440
+#: src/sss_client/pam_sss.c:441
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:481
+#: src/sss_client/pam_sss.c:482
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:482
+#: src/sss_client/pam_sss.c:483
msgid ", your cached password will expire at: "
msgstr ",您快取的密碼將在此刻過期:"
-#: src/sss_client/pam_sss.c:512
+#: src/sss_client/pam_sss.c:513
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:558
+#: src/sss_client/pam_sss.c:559
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:607
+#: src/sss_client/pam_sss.c:608
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:628
+#: src/sss_client/pam_sss.c:629
msgid "System is offline, password change not possible"
msgstr "系統已離線,不可能作密碼變更"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:644
msgid ""
"After changing the OTP password, you need to log out and back in order to "
"acquire a ticket"
msgstr ""
-#: src/sss_client/pam_sss.c:731 src/sss_client/pam_sss.c:744
+#: src/sss_client/pam_sss.c:732 src/sss_client/pam_sss.c:745
msgid "Password change failed. "
msgstr "密碼變更失敗。"
-#: src/sss_client/pam_sss.c:1444
+#: src/sss_client/pam_sss.c:1467
msgid "New Password: "
msgstr "新密碼:"
-#: src/sss_client/pam_sss.c:1445
+#: src/sss_client/pam_sss.c:1468
msgid "Reenter new Password: "
msgstr "再次輸入新密碼:"
-#: src/sss_client/pam_sss.c:1549
+#: src/sss_client/pam_sss.c:1574
msgid "First Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1550
+#: src/sss_client/pam_sss.c:1575
msgid "Second Factor: "
msgstr ""
-#: src/sss_client/pam_sss.c:1554
+#: src/sss_client/pam_sss.c:1579
msgid "Password: "
msgstr "密碼:"
-#: src/sss_client/pam_sss.c:1594
+#: src/sss_client/pam_sss.c:1619
msgid "Current Password: "
msgstr "目前的密碼:"
-#: src/sss_client/pam_sss.c:1793
+#: src/sss_client/pam_sss.c:1818
msgid "Password expired. Change your password now."
msgstr "密碼已過期。請立刻變更您的密碼。"
@@ -1419,7 +1462,7 @@ msgstr "密碼已過期。請立刻變更您的密碼。"
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:642 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1432,7 +1475,7 @@ msgstr ""
#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663
#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79
-#: src/tools/sss_cache.c:627
+#: src/tools/sss_cache.c:688
msgid "Error setting the locale\n"
msgstr "設定區域設置時發生錯誤\n"
@@ -1862,88 +1905,96 @@ msgstr "無法修改使用者 - 使用者是否已經是群組的成員?\n"
msgid "Transaction error. Could not modify user.\n"
msgstr "處理事項發生錯誤。無法修改使用者。\n"
-#: src/tools/sss_cache.c:188
+#: src/tools/sss_cache.c:212
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:431
+#: src/tools/sss_cache.c:484
#, c-format
msgid "Couldn't invalidate %1$s\n"
msgstr ""
-#: src/tools/sss_cache.c:438
+#: src/tools/sss_cache.c:491
#, c-format
msgid "Couldn't invalidate %1$s %2$s\n"
msgstr ""
-#: src/tools/sss_cache.c:589
-msgid "Invalidate all cached entries except for sudo rules"
+#: src/tools/sss_cache.c:644
+msgid "Invalidate all cached entries"
msgstr ""
-#: src/tools/sss_cache.c:591
+#: src/tools/sss_cache.c:646
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:593
+#: src/tools/sss_cache.c:648
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:595
+#: src/tools/sss_cache.c:650
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:597
+#: src/tools/sss_cache.c:652
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:654
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:601
+#: src/tools/sss_cache.c:656
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:603
+#: src/tools/sss_cache.c:658
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:605
+#: src/tools/sss_cache.c:660
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:608
+#: src/tools/sss_cache.c:663
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:610
+#: src/tools/sss_cache.c:665
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:614
+#: src/tools/sss_cache.c:669
msgid "Invalidate particular SSH host"
msgstr ""
-#: src/tools/sss_cache.c:616
+#: src/tools/sss_cache.c:671
msgid "Invalidate all SSH hosts"
msgstr ""
-#: src/tools/sss_cache.c:619
+#: src/tools/sss_cache.c:675
+msgid "Invalidate particular sudo rule"
+msgstr ""
+
+#: src/tools/sss_cache.c:677
+msgid "Invalidate all cached sudo rules"
+msgstr ""
+
+#: src/tools/sss_cache.c:680
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:668
+#: src/tools/sss_cache.c:736
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:751
+#: src/tools/sss_cache.c:816
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:755
+#: src/tools/sss_cache.c:820
msgid "Could not open available domains\n"
msgstr ""
@@ -1964,7 +2015,7 @@ msgstr ""
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:309
+#: src/tools/tools_util.c:311
msgid "Out of memory\n"
msgstr "記憶體耗盡\n"
@@ -1973,14 +2024,13 @@ msgstr "記憶體耗盡\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:113
-msgid "Send the debug output to files instead of stderr"
-msgstr "傳送除錯輸出到檔案而不是標準輸出"
-
-#: src/util/util.h:183
+#: src/util/util.h:78
msgid "The user ID to run the server as"
msgstr ""
-#: src/util/util.h:185
+#: src/util/util.h:80
msgid "The group ID to run the server as"
msgstr ""
+
+#~ msgid "Send the debug output to files instead of stderr"
+#~ msgstr "傳送除錯輸出到檔案而不是標準輸出"
diff --git a/src/man/po/br.po b/src/man/po/br.po
index 471f30e51..677a7f1b6 100644
--- a/src/man/po/br.po
+++ b/src/man/po/br.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,7 +18,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -64,7 +64,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -83,11 +83,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "DIBARZHIOÙ"
@@ -220,113 +220,128 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Dre ziouer : true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "RANNOÙ DIBAR"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "Ar rann [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Arventennoù ar rann"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -335,29 +350,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Dre ziouer : 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domanioù"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -367,19 +382,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (neudennad)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -387,12 +402,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (neudennad)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -400,58 +415,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -460,7 +475,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -468,69 +483,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -540,7 +555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -550,20 +565,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -573,7 +588,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -582,12 +597,99 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "certificate_verification (string)"
+msgstr "re_expression (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -598,12 +700,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "RANNOÙ SERVIJOÙ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -612,22 +714,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -637,17 +739,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -655,19 +757,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -677,12 +779,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -690,117 +792,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Dre ziouer : 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -808,7 +858,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -818,7 +868,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -827,17 +877,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -845,60 +895,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Dre ziouer : 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Dre ziouer : 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (neudennad)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Dre zoiuer : root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -906,23 +982,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -930,47 +1006,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -978,103 +1054,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1085,72 +1168,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1158,59 +1241,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Dre zoiuer : 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1218,7 +1301,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1227,17 +1310,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1245,117 +1328,185 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Dre ziouer : 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "full_name_format (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "full_name_format (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1366,34 +1517,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1401,68 +1552,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1474,7 +1625,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1485,24 +1636,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1510,12 +1661,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1523,25 +1674,37 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "RANNOÙ DOMANI"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1550,46 +1713,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1601,14 +1764,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1617,39 +1780,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1658,19 +1821,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1681,151 +1844,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1833,24 +1996,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1859,17 +2022,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1878,33 +2041,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1912,8 +2075,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1922,8 +2085,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1931,19 +2094,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1952,7 +2115,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1960,22 +2123,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1987,7 +2150,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1995,19 +2158,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2015,7 +2178,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2023,30 +2186,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2054,19 +2217,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2075,24 +2238,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2100,7 +2276,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2108,35 +2284,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2144,32 +2320,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2180,12 +2356,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2193,7 +2369,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2201,31 +2377,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2233,7 +2409,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2242,23 +2418,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2266,7 +2442,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2274,24 +2450,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2299,12 +2483,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2314,7 +2498,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2323,29 +2507,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2353,7 +2537,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2361,66 +2545,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2428,70 +2612,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2499,7 +2683,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2507,41 +2691,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2551,34 +2779,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2586,12 +2814,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2599,7 +2827,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2607,49 +2835,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2657,73 +2899,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2731,17 +2973,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2750,17 +2992,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2768,17 +3010,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2786,19 +3028,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2828,7 +3070,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2874,7 +3116,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2974,8 +3216,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3264,14 +3506,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3666,8 +3908,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3871,19 +4113,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3893,26 +4152,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3920,14 +4180,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3935,7 +4195,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3943,19 +4203,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3963,168 +4217,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4132,7 +4386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4140,12 +4394,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4153,12 +4407,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4169,12 +4423,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4183,12 +4437,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4197,34 +4451,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4232,14 +4486,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4247,17 +4501,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4267,12 +4521,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4280,17 +4534,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4298,13 +4552,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4313,7 +4567,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4321,26 +4575,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4348,7 +4602,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4356,7 +4610,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4364,41 +4618,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4407,32 +4661,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4440,24 +4694,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4465,17 +4719,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4486,29 +4740,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4517,17 +4771,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4535,49 +4789,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4585,27 +4839,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4617,7 +4871,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4625,7 +4879,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4633,39 +4887,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4675,7 +4929,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4683,26 +4937,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4710,7 +4964,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4718,31 +4972,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4751,56 +5005,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4816,12 +5070,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4830,14 +5084,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4846,24 +5100,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4871,19 +5125,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4892,7 +5146,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4900,7 +5154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4909,7 +5163,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4917,22 +5171,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4942,14 +5196,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4962,12 +5216,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4977,7 +5231,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4987,49 +5241,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5038,74 +5292,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5116,7 +5370,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5124,24 +5378,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5156,12 +5410,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5169,208 +5423,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5378,101 +5632,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5481,110 +5735,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: root"
msgid "Default: automount"
msgstr "Dre zoiuer : root"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5593,32 +5847,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5627,22 +5881,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5651,7 +5905,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5659,7 +5913,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5672,26 +5926,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5707,13 +5961,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5748,11 +6002,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5760,34 +6015,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5795,31 +6050,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5827,36 +6082,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5864,7 +6119,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5873,25 +6128,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5899,7 +6185,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5911,7 +6197,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6070,7 +6356,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6218,7 +6504,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6226,14 +6512,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6248,12 +6534,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6274,12 +6560,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6303,7 +6589,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6313,7 +6599,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6330,12 +6616,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6343,12 +6629,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6367,50 +6653,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6520,7 +6806,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6594,26 +6880,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6632,7 +6918,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6930,13 +7216,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6946,15 +7233,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6962,7 +7249,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6975,7 +7262,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6983,53 +7270,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7037,19 +7336,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7060,12 +7359,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7074,7 +7373,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7083,7 +7382,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7092,14 +7391,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7108,7 +7407,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7123,29 +7422,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7154,7 +7453,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7163,12 +7462,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7178,14 +7477,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7198,23 +7497,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7222,22 +7521,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7245,12 +7544,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7258,14 +7557,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7273,7 +7572,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7285,53 +7584,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7339,7 +7663,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7347,7 +7671,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7355,7 +7679,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7367,17 +7691,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7385,7 +7714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7393,7 +7722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7401,7 +7730,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7413,22 +7742,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7436,14 +7765,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7451,7 +7780,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7463,17 +7792,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7481,14 +7810,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7496,7 +7825,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7507,19 +7836,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7527,7 +7856,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7539,34 +7868,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7574,12 +7908,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7592,52 +7926,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 30 days"
+msgstr "Dre ziouer : 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7648,36 +8022,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7685,7 +8059,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7700,7 +8074,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7709,7 +8083,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7717,7 +8091,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7726,6 +8100,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8184,7 +8566,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8251,17 +8633,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8269,50 +8656,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8320,29 +8737,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8350,39 +8767,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8390,41 +8836,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "OPTIONS"
msgid "COMMON OPTIONS"
msgstr "DIBARZHIOÙ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid ""
#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
@@ -9571,13 +10017,49 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid ""
+#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10057,13 +10539,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10071,7 +10553,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10081,36 +10563,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10497,7 +10962,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10554,11 +11019,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10566,12 +11032,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10579,36 +11045,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10617,13 +11083,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10632,51 +11119,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/ca.po b/src/man/po/ca.po
index e85b1664b..2fb8e0943 100644
--- a/src/man/po/ca.po
+++ b/src/man/po/ca.po
@@ -14,8 +14,8 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
-"PO-Revision-Date: 2015-09-29 10:29-0400\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
+"PO-Revision-Date: 2015-10-18 04:13-0400\n"
"Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n"
"Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/"
"ca/)\n"
@@ -24,7 +24,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -37,7 +37,7 @@ msgstr ""
#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
-msgstr "Pàgines de manual de l'SSSD"
+msgstr "Pàgines del manual de l'SSSD"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
@@ -69,7 +69,7 @@ msgstr ""
"replaceable></arg> <arg choice='plain'> <replaceable>GRUP</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -90,11 +90,11 @@ msgstr ""
"que s'especifiquen a la línia d'ordres."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPCIONS"
@@ -114,9 +114,9 @@ msgid ""
"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
"a comma separated list of group names."
msgstr ""
-"Afegiu aquest grup als grups especificats pel paràmetre de "
-"<replaceable>GRUPS</replaceable> . El paràmetre de <replaceable>GRUPS</"
-"replaceable> és una llista delimitada per comes dels noms de grup."
+"Afegeix aquest grup als grups especificats amb el paràmetre "
+"<replaceable>GRUPS</replaceable>. El paràmetre <replaceable>GRUPS</"
+"replaceable> és una llista delimitada per comes dels noms dels grups."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
@@ -133,7 +133,7 @@ msgid ""
"Remove this group from groups specified by the <replaceable>GROUPS</"
"replaceable> parameter."
msgstr ""
-"Suprimeix aquest grup dels grups especificats pel paràmetre "
+"Suprimeix aquest grup dels grups especificats amb el paràmetre "
"<replaceable>GRUPS</replaceable>."
#. type: Content of: <reference><refentry><refnamediv><refname>
@@ -153,17 +153,17 @@ msgstr "5"
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
msgid "File Formats and Conventions"
-msgstr "Formats de fitxer i convencions"
+msgstr "Formats i convencions dels fitxers"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
-msgstr "l'arxiu de configuració per a SSSD"
+msgstr "el fitxer de configuració per a l'SSSD"
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:21
msgid "FILE FORMAT"
-msgstr "FORMAT DE FITXER"
+msgstr "FORMAT DEL FITXER"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd.conf.5.xml:29
@@ -174,6 +174,10 @@ msgid ""
"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
" "
msgstr ""
+"<replaceable>[secció]</replaceable>\n"
+"<replaceable>clau</replaceable> = <replaceable>valor</replaceable>\n"
+"<replaceable>clau2</replaceable> = <replaceable>valor2,valor3</replaceable>\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:24
@@ -183,11 +187,11 @@ msgid ""
"until the next section begins. An example of section with single and multi-"
"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
-"El fitxer utilitza un estil de sintaxi del tipu ini i consisteix en seccions "
-"i paràmetres.\n"
-"Una secció comença amb el nom de la secció entre claudàtors i continua fins "
-"que comença la següent secció. Un exemple de secció amb paràmetres simples i "
-"múltiples: <placeholder type=\"programlisting\" id=\"0\"/>"
+"El fitxer té un estil de sintaxi del tipus ini i està format per seccions i "
+"paràmetres. Una secció comença amb el nom de la secció entre claudàtors i "
+"continua fins a l'inici de la següent secció. Un exemple de secció amb "
+"paràmetres amb un sol valor i amb valors múltiples: <placeholder type="
+"\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:36
@@ -195,8 +199,8 @@ msgid ""
"The data types used are string (no quotes needed), integer and bool (with "
"values of <quote>TRUE/FALSE</quote>)."
msgstr ""
-"Els tipus de dades utilitzats són cadenes (no es necessiten cometes), enters "
-"i booleans (amb valors de <quote>TRUE/FALSE</quote>)."
+"Els tipus de dades que s'utilitzen són cadenes (no necessiten cometes), "
+"enters i booleans (amb valors <quote>TRUE/FALSE</quote>)."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:41
@@ -204,6 +208,9 @@ msgid ""
"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
"(<quote>;</quote>). Inline comments are not supported."
msgstr ""
+"Una línia de comentari comença amb un signe de coixinet (<quote>#</quote>) o "
+"un signe de punt i coma (<quote>;</quote>). Els comentaris en línia no "
+"estan admesos."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:47
@@ -212,7 +219,8 @@ msgid ""
"parameter. Its function is only as a label for the section."
msgstr ""
"Totes les seccions poden tenir un paràmetre opcional de "
-"<replaceable>descripció</replaceable>. Serveix només per etiquetar la secció."
+"<replaceable>descripció</replaceable>. La seva funció tan sols és una "
+"etiqueta per a la secció."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:53
@@ -220,134 +228,160 @@ msgid ""
"<filename>sssd.conf</filename> must be a regular file, owned by root and "
"only root may read from or write to the file."
msgstr ""
-"<filename>sssd.conf</filename> ha de ser un fitxer normal, amb propietat de "
-"root i només l'usuari root ha de poder llegir o escriure a l'arxiu."
+"<filename>sssd.conf</filename> ha de ser un fitxer normal, amb root com a "
+"propietari i només l'usuari root hi pot llegir o escriure."
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
msgid "GENERAL OPTIONS"
-msgstr ""
+msgstr "OPCIONS GENERALS"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:61
msgid "Following options are usable in more than one configuration sections."
msgstr ""
+"Les següents opcions es poden utilitzar en més d'una secció de configuració."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:65
msgid "Options usable in all sections"
-msgstr ""
+msgstr "Opcions que es poden utilitzar en totes les seccions"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:69
msgid "debug_level (integer)"
-msgstr "debug_level (Enter)"
+msgstr "debug_level (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
-msgstr "debug_timestamps (bool)"
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr "debug_timestamps (booleà)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
+"Afegeix una marca temporal al registre de depuració. Si el journald està "
+"habilitat per enregistrar la depuració de l'SSSD, aleshores s'ignora aquesta "
+"opció."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Per defecte: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
-msgstr ""
+msgstr "debug_microseconds (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
+"Afegeix els mil·lisegons a les marques temporals als missatges de depuració. "
+"Si el journald està habilitat per enregistrar la depuració de l'SSSD, "
+"aleshores s'ignora aquesta opció."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Per defecte: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
+msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
-msgstr ""
+msgstr "Opcions que es poden utilitzar a les seccions SERVEI i DOMINI"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
-msgstr "timeout (Enter)"
+msgstr "timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
+"El temps d'expiració entre els batecs per aquest servei. S'utilitza per "
+"assegurar que el procés età viu i és capaç de respondre a les peticions."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Per defecte: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "SECCIONS ESPECIALS"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "La secció [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Paràmetres de la secció"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
-"Indica quina és la sintaxi de l'arxiu de configuració. L'SSSD 0.6.0 i "
-"posteriors fan servir la versió 2."
+"Indica quina és la sintaxi del fitxer de configuració. La versió 0.6.0 i les "
+"posteriors versions de l'SSSD utilitzen la versió 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
-msgstr "serveis"
+msgstr "services"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -355,40 +389,45 @@ msgstr ""
"sssd."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
+"Serveis admesos: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
-msgstr "reconnection_retries (Enter)"
+msgstr "reconnection_retries (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
-"Nombre de vegades que els serveis haurien d'intentar reconnectar en cas de "
-"caiguda del Proveïdor de Dades o reiniciar abans de donar-se per vençuts"
+"El nombre de vegades que els serveis haurien d'intentar tornar a connectar "
+"en cas de caiguda o reinici del proveïdor de dades abans de donar-se per "
+"vençuts"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Per defecte: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
-msgstr "dominis"
+msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -396,185 +435,211 @@ msgid ""
"them to be queried. A domain name should only consist of alphanumeric ASCII "
"characters, dashes, dots and underscores."
msgstr ""
+"Un domini és una base de dades que conté la informació de l'usuari. L'SSSD "
+"pot utilitzar més d'un domini al mateix temps, però com a mínim se n'ha de "
+"configurar un o no s'iniciarà l'SSSD. En aquest paràmetre es descriuen la "
+"llista dels dominis en l'ordre que vulgueu que es consultin. Un nom de "
+"domini tan sols pot consistir de caràcters alfanumèrics ASCII, guions, punts "
+"i guions baixos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
+"L'expressió regular per defecte que descriu com analitzar la cadena que "
+"conté el nom d'usuari i el domini en aquests components."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
"SECTIONS for more info on these regular expressions."
msgstr ""
+"Cadascun dels dominis pot tenir una expressió regular configurada de forma "
+"individual. Per alguns proveïdors d'id. també hi ha expressions regulars per "
+"defecte. Vegeu les SECCIONS DELS DOMINIS per a més informació sobre aquestes "
+"expressions regulars."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
"fully qualified name from user name and domain name components."
msgstr ""
+"Un format compatible amb <citerefentry> <refentrytitle>printf</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry>-que descriu com "
+"compondre un FQN des dels components del nom d'usuari i del nom del domini."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
-msgstr ""
+msgstr "%1$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
-msgstr ""
+msgstr "nom d'usuari"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
-msgstr ""
+msgstr "%2$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
+"el nom del domini tal com s'especifica al fitxer de configuració de l'SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
-msgstr ""
+msgstr "%3$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
+"S'admeten les següents ampliacions: <placeholder type=\"variablelist\" id="
+"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
+"Cadascun dels dominis pot tenir una cadena del format configurada de forma "
+"individual. Vegeu les SECCIONS DELS DOMINIS per a més informació sobre "
+"aquesta opció."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
"this, and will fall back to polling resolv.conf every five seconds if "
"inotify cannot be used."
msgstr ""
-"L'SSSD monitora l'estat de resolv.conf per a identificar quan cal "
-"actualitzar el seu traductor intern de DNS. Per defecte, s'intentarà "
-"utilitzar inotify per a això i recaurà en sondejar el resolv.conf cada cinc "
-"segons si inotify no es pot utilitzar."
+"L'SSSD monitora l'estat del resolv.conf per identificar quan cal actualitzar "
+"el seu traductor intern de DNS. Per defecte, s'intentarà utilitzar inotify "
+"per a això i recaurà en sondejar el resolv.conf cada cinc segons si no es "
+"pot utilitzar l'inotify."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
"to 'false'"
msgstr ""
-"Hi ha algunes situacions limitades on és preferit ometre fins i tot "
-"d'intentar utilitzar inotify. En aquests casos rars, s'hauria d'establir "
-"aquesta opció a 'false'"
+"Hi ha algunes situacions limitades on es prefereix ignorar fins i tot "
+"l'intent d'ús de l'inotify. En aquestes estranyes circumstàncies, s'hauria "
+"d'establir aquesta opció a «false»"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
-"Per defecte: true en plataformes on està suportat inotify. Fals en altres "
-"plataformes."
+"Per defecte: true en les plataformes on està suportat l'inotify. Fals en les "
+"altres plataformes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
-"Nota: aquesta opció no afectarà a plataformes on inotify no està disponible. "
-"En aquestes plataformes, sempre s'utilitzarà el sondeig."
+"Nota: aquesta opció no afectarà les plataformes on l'inotify no està "
+"disponible. En aquestes plataformes, sempre s'utilitzarà el sondeig."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
-msgstr ""
+msgstr "krb5_rcache_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-"Directori al sistema de fitxers on el SSSD ha d'emmagatzemar els fitxers cau "
-"de Kerberos"
+"El directori al sistema de fitxers on l'SSSD ha d'emmagatzemar els fitxers "
+"cau de repetició del Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
+"Aquesta opció accepta un valor especial __LIBKRB5_DEFAULTS__ que instruirà a "
+"l'SSSD per permetre a libkrb5 decidir la ubicació apropiada per a la memòria "
+"auxiliar de reproducció."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+"Per defecte: Específic de la distribució i s'especifica en temps de "
+"construcció. (__LIBKRB5_DEFAULTS__ si no està configurat)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
-msgstr ""
+msgstr "user (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
-msgstr ""
+msgstr "Per defecte: sense establir, els processos s'executaran com a root"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
-msgstr ""
+msgstr "default_domain_suffix (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -582,9 +647,15 @@ msgid ""
"trusted domain. The option allows those users to log in just with their "
"user name without giving a domain name as well."
msgstr ""
+"Aquesta cadena s'utilitzarà un nom de domini per defecte per a tots els noms "
+"que no tinguin el component del nom del domini. El cas d'ús principal està "
+"als entorns on el domini principal està destinat a la gestió de les "
+"polítiques dels amfitrions i tots els usuaris es troben en un domini de "
+"confiança. L'opció permet que els usuaris iniciïn la sessió sols amb el seu "
+"nom d'usuari sense donar també un nom de domini."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -592,22 +663,27 @@ msgid ""
"is not allowed to use this option together with use_fully_qualified_names "
"set to False."
msgstr ""
+"Tingueu en compte que si s'estableix aquesta opció per a tots els usuaris "
+"des del domini principal, s'han d'utilitzar el seu FQN, p. ex. usuari@nom."
+"domini, per iniciar la sessió. En establir aquesta opció es canvia el "
+"predeterminat d'use_fully_qualified_names a True. No està permès l'ús "
+"d'aquesta opció juntament amb use_fully_qualified_names establert a False."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
-msgstr ""
+msgstr "Per defecte: sense establir"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
-msgstr ""
+msgstr "override_space (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -617,7 +693,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -626,12 +702,106 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
+msgstr "Per defecte: sense establir (no se substituiran els espais)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "ldap_user_certificate (string)"
+msgid "certificate_verification (string)"
+msgstr "ldap_user_certificate (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+#, fuzzy
+#| msgid "These options can be used to configure the InfoPipe responder."
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+"Es poden utilitzar aquestes opcions per configurar el contestador de "
+"l'InfoPipe."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+#, fuzzy
+#| msgid "Default: not set, i.e. service discovery is disabled"
+msgid "Default: not set, i.e. do not restrict certificate vertification"
msgstr ""
+"Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -640,20 +810,20 @@ msgid ""
"some other important options like the identity domains. <placeholder type="
"\"variablelist\" id=\"0\"/>"
msgstr ""
-"Parts concretes de la funcionalitat de l'SSSD les proveeixen serveis "
-"especials que s'inicien i s'aturen juntament amb l'SSSD. Els serveis es "
-"gestionen amb un servei especial anomenat <quote>monitor</quote>. La secció "
-"<quote>[sssd]</quote> s'utilitza per configurar el monitor així com altres "
-"opcions importants com les identitats de dominies. <placeholder type="
-"\"variablelist\" id=\"0\"/>"
+"Les peces individuals de la funcionalitat de l'SSSD es proporcionen amb "
+"serveis especials que s'inicien i s'aturen juntament amb l'SSSD. Els "
+"serveis es gestionen amb un servei especial anomenat <quote>monitor</quote>. "
+"La secció <quote>[sssd]</quote> s'utilitza per configurar el monitor així "
+"com altres opcions importants com els dominis d'identitats. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
-msgstr "SECCIONS DE SERVEIS"
+msgstr "SECCIONS DELS SERVEIS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -666,22 +836,22 @@ msgstr ""
"quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "Opcions de configuració del servei general"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
-msgstr "Aquestes opcions es poden utilitzar per a configurar qualsevol servei."
+msgstr "Es poden utilitzar aquestes opcions per configurar qualsevol servei."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
-msgstr ""
+msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -691,17 +861,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
-msgstr ""
+msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -709,19 +879,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Per defecte: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
-msgstr ""
+msgstr "force_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -731,12 +901,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
-msgstr ""
+msgstr "offline_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -744,102 +914,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
-msgstr ""
+msgstr "offline_timeout + random_offset"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
-msgstr ""
+msgstr "new_interval = old_interval*2 + random_offset"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "Per defecte: none"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
-msgstr "Opcions de configuració d'NSS"
+msgstr "Opcions de configuració de l'NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
-"Aquestes opcions es poden utilitzar per a configurar el servei de canvi de "
-"servei de nom (NSS)."
+"Es poden utilitzar aquestes opcions per configurar el servei del NSS (Name "
+"Service Switch)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
-msgstr "enum_cache_timeout (Enter)"
+msgstr "enum_cache_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -848,17 +966,17 @@ msgstr ""
"(peticions d'informació sobre tots els usuaris)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Per defecte: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
-msgstr "entry_cache_nowait_percentage (Enter)"
+msgstr "entry_cache_nowait_percentage (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -869,7 +987,7 @@ msgstr ""
"valor entry_cache_timeout per al domini."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -877,7 +995,7 @@ msgid ""
"but the SSSD will go and update the cache on its own, so that future "
"requests will not need to block waiting for a cache update."
msgstr ""
-"Per exemple, si s'estableix entry_cache_timeout del domini a 30s i "
+"Per exemple, si s'estableix entry_cache_timeout del domini a 30 s i "
"entry_cache_nowait_percentage està establert a 50 (per cent), les entrades "
"que arriben després de 15 segons més enllà de l'última actualització de la "
"memòria cau es retornaran immediatament, però l'SSSD anirà actualitzant la "
@@ -885,7 +1003,7 @@ msgstr ""
"peticions que esperen per a una actualització de la memòria cau."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -898,17 +1016,17 @@ msgstr ""
"(0 desactiva aquesta característica)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
-msgstr ""
+msgstr "Per defecte: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
-msgstr "entry_negative_timeout (Enter)"
+msgstr "entry_negative_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -920,36 +1038,73 @@ msgstr ""
"altra vegada."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Per defecte: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "autofs_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "autofs_negative_timeout (enter)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+#, fuzzy
+#| msgid ""
+#| "Specifies for how many seconds nss_sss should cache negative cache hits "
+#| "(that is, queries for invalid database entries, like nonexistent ones) "
+#| "before asking the back end again."
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+"Especifica quants segons nss_sss hauria d'emmagatzemar els intents de la "
+"memòria cau negatius (és a dir, consultes per a les entrades incorrectes de "
+"la base de dades, com les inexistents) abans de preguntar al rerefons una "
+"altra vegada."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Per defecte: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+msgid ""
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:652
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Per defecte: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -957,97 +1112,111 @@ msgstr ""
"aquesta opció a false."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
-msgstr ""
+msgstr "fallback_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
+"Estableix una plantilla predeterminada per al directori inicial de l'usuari "
+"si no se n'especifica cap explícitament amb el proveïdor de dades del domini."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
+"Els valors disponibles per aquesta opció són els mateixos que per "
+"override_homedir."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
" "
msgstr ""
+"fallback_homedir = /home/%u\n"
+" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
+msgstr "exemple: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
+"Per defecte: sense establir (cap substitució per als directoris inicials no "
+"establerts)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
-msgstr ""
+msgstr "override_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
"or per-domain."
msgstr ""
+"Substitueix el shell d'inici de sessió per a tots els usuaris. Aquesta opció "
+"substitueix qualsevol de les altres opcions del shell si entra en vigor i es "
+"pot configurar ja sigui en la secció [nss] o per cada domini."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
+"Per defecte: sense establir (SSSD utilitzarà el valor recuperat del LDAP)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
-msgstr ""
+msgstr "allowed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
+"Restringeix el shell de l'usuari a un dels valors llistats. L'ordre "
+"d'avaluació és:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
+msgstr "1. Si el shell està present al <quote>/etc/shells</quote>, s'utilitza."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1055,103 +1224,116 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
-msgstr ""
+msgstr "vetoed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
-msgstr ""
+msgstr "shell_fallback (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
-msgstr ""
+msgstr "Per defecte: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
-msgstr ""
+msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
-msgstr ""
+msgstr "get_domains_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
-msgstr ""
+msgstr "memcache_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Per defecte: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+#, fuzzy
+#| msgid ""
+#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+#| "applications will not use the fast in memory cache."
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+"Si la variable d'entorn SSS_NSS_USE_MEMCACHE està establerta a \"NO\", les "
+"aplicacions clients no utilitzaran el fast en la memòria cau."
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
-msgstr ""
+msgstr "user_attributes (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1162,38 +1344,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
-msgstr "Opcions de configuració de PAM"
+msgstr "Opcions de configuració del PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
-"Aquestes opcions s'utilitzen per configurar el servei de Pluggable "
-"Authentication Module (PAM)."
+"Es poden utilitzar aquestes opcions per configurar el servei del PAM "
+"(Pluggable Authentication Module)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
-msgstr "offline_credentials_expiration (Enter)"
+msgstr "offline_credentials_expiration (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1203,17 +1385,17 @@ msgstr ""
"de sessió)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Per defecte: 0 (sense límit)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
-msgstr "offline_failed_login_attempts (Enter)"
+msgstr "offline_failed_login_attempts (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1222,12 +1404,12 @@ msgstr ""
"fallits es permet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
-msgstr "offline_failed_login_delay (Enter)"
+msgstr "offline_failed_login_delay (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1237,7 +1419,7 @@ msgstr ""
"possible."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1245,17 +1427,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Per defecte: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
-msgstr "pam_verbosity (Enter)"
+msgstr "pam_verbosity (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1264,43 +1446,43 @@ msgstr ""
"l'autenticació. Com més gran sigui el nombre més missatges es mostren."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
-msgstr "L'Sssd suporta actualment els següents valors:"
+msgstr "L'sssd actualment admet els següents valors:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: no mostris cap missatge"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: Mostra només missatges importants"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: Mostra missatges informatius"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: Mostra tots els missatges i informació de depuració"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Per defecte: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
-msgstr "pam_id_timeout (Enter)"
+msgstr "pam_id_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1312,7 +1494,7 @@ msgstr ""
"l'última informació."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1321,22 +1503,22 @@ msgid ""
msgstr ""
"Una conversa completa de PAM pot realitzar múltiples peticions de PAM, com "
"ara la gestió del compte i la sessió d'inici. Aquesta opció controla (en "
-"base a aplicació per client) quant de temps (en segons) es pot emmagatzemar "
-"en memòria cau la informació d'identitat per evitar excessives peticions al "
-"proveïdor d'identitat."
+"funció d'una aplicació client) quant de temps (en segons) es pot "
+"emmagatzemar en memòria cau la informació d'identitat per evitar peticions "
+"excessives al proveïdor d'identitat."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
+msgstr "pam_pwd_expiration_warning (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1344,119 +1526,199 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Per defecte: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
-msgstr ""
+msgstr "pam_trusted_users (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the InfoPipe responder. User names are resolved to UIDs "
+#| "at startup."
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
+"Especifica una llista separada per comes dels valors dels UID o dels noms "
+"d'usuaris que estan assignats per accedir al contestador de l'InfoPipe. Els "
+"noms d'usuaris es resolen als UID en la preparació."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
-msgstr ""
+msgstr "pam_public_domains (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "Per defecte: none"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
+msgstr "pam_account_expired_message (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1056
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+#, fuzzy
+#| msgid "pam_account_expired_message (string)"
+msgid "pam_account_locked_message (string)"
+msgstr "pam_account_expired_message (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerate (booleà)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr "Per defecte: False"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "krb5_confd_path (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "krb5_confd_path (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
-msgstr "pam_id_timeout (Enter)"
+msgstr "pam_id_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
-msgstr ""
+msgstr "Opcions de configuració de SUDO"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1465,36 +1727,44 @@ msgid ""
"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
msgstr ""
+"Es poden utilitzar aquestes opcions per configurar el servei del sudo. Les "
+"instruccions detallades per la configuració del <citerefentry> "
+"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"perquè funcioni amb <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> estan en la pàgina del manual "
+"<citerefentry> <refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
-msgstr ""
+msgstr "sudo_timed (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
+"Es poden utilitzar aquestes opcions per configurar el servei de l'autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
-msgstr ""
+msgstr "autofs_negative_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1502,72 +1772,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
-msgstr ""
+msgstr "Es poden utilitzar aquestes opcions per configurar el servei de l'SSH."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
-msgstr ""
+msgstr "ssh_hash_known_hosts (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
-msgstr ""
+msgstr "ssh_known_hosts_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
-msgstr ""
+msgstr "Per defecte: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
-#| msgid "Default: gecos"
+#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
-msgstr "Per defecte: gecos"
+msgstr "Per defecte: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
-msgstr ""
+msgstr "Opcions de configuració del contestador del PAC."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1579,7 +1849,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1590,24 +1860,25 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
+"Es poden utilitzar aquestes opcions per configurar el contestador del PAC."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
-msgstr ""
+msgstr "allowed_uids (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1615,12 +1886,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1628,18 +1899,32 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (enter)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "SECCIONS DE DOMINI"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
-msgstr "min_id, max_id (Enter)"
+msgstr "min_id, max_id (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1648,7 +1933,7 @@ msgstr ""
"fora d'aquests límits, s'ignora."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1661,24 +1946,24 @@ msgstr ""
"com s'esperava."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Per defecte: 1 per a min_id, 0 (sense límit) per a max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerate (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1687,22 +1972,22 @@ msgstr ""
"valors següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = Els usuaris i grups s'enumeren"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = Cap enumeració per a aquest domini"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Per defecte: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1714,7 +1999,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1724,7 +2009,7 @@ msgstr ""
"finalitzi."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1738,39 +2023,39 @@ msgstr ""
"ús."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
-msgstr ""
+msgstr "subdomain_enumerate (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
-msgstr ""
+msgstr "all"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
-msgstr ""
+msgstr "none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1779,21 +2064,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
-msgstr "entry_cache_timeout (Enter)"
+msgstr "entry_cache_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
-"Quants segons l'nss_sss hauria de considerar les entrades vàlides abans de "
+"Quants segons el nss_sss hauria de considerar les entrades vàlides abans de "
"demanar al rerefons una altra vegada"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1804,153 +2089,153 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Per defecte: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_user_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
-msgstr ""
+msgstr "Per defecte: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_group_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_netgroup_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_service_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_sudo_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_autofs_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_ssh_host_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
-msgstr ""
+msgstr "refresh_expired_interval (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
-msgstr ""
+msgstr "Per defecte: 0 (inhabilitat)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
-msgstr "cache_credentials (bool)"
+msgstr "cache_credentials (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Determina si les credencials d'usuari també són emmagatzemades en la memòria "
"cau local de LDB"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1958,24 +2243,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
-msgstr ""
+msgstr "Per defecte: 8"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
-msgstr "account_cache_expiration (Enter)"
+msgstr "account_cache_expiration (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1988,17 +2273,17 @@ msgstr ""
"ha de ser superior o igual que offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Per defecte: 0 (sense límit)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
-msgstr ""
+msgstr "pwd_expiration_warning (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2007,33 +2292,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
-msgstr ""
+msgstr "Per defecte: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2041,8 +2326,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2051,8 +2336,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2060,19 +2345,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2080,12 +2365,12 @@ msgid ""
"<command>getent passwd test@LOCAL</command> would."
msgstr ""
"Si s'estableix a TRUE, totes les peticions a aquest domini han d'utilitzar "
-"noms de domini qualificats. Per exemples, si s'utilitza a un domini LOCAL "
-"que conté un usuari \"test\", <command>getent passwd test</command> no "
-"trobaria l'usuari mentre que <command>getent passwd test@LOCAL</command> si."
+"noms de domini qualificats. Per exemple, si s'utilitza a un domini LOCAL que "
+"conté un usuari \"test\", <command>getent passwd test</command> no trobaria "
+"l'usuari mentre que <command>getent passwd test@LOCAL</command> sí."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2093,22 +2378,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
-msgstr ""
+msgstr "ignore_group_members (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2120,7 +2405,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2128,12 +2413,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -2142,7 +2427,7 @@ msgstr ""
"d'autenticació suportats són:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2153,7 +2438,7 @@ msgstr ""
"manvolnum></citerefentry> per a més informació sobre configuració d'LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2164,20 +2449,20 @@ msgstr ""
"manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
-"<quote>proxy</quote> per a l'autenticació re-enviada a algun altre objectiu "
+"<quote>proxy</quote> per a l'autenticació reenviada a algun altre objectiu "
"de PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> impossibilita l'autenticació explícitament."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2186,12 +2471,12 @@ msgstr ""
"gestionar les sol·licituds d'autenticació."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2202,19 +2487,19 @@ msgstr ""
"instal·lats) Els proveïdors especials interns són:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> sempre denega l'accés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2227,17 +2512,44 @@ msgstr ""
"configuració del mòdul d'accés simple."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+#, fuzzy
+#| msgid ""
+#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring Kerberos."
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"<quote>krb5</quote> per a l'autenticació Kerberos. Vegeu "
+"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+#, fuzzy
+#| msgid ""
+#| "<quote>proxy</quote> for relaying password changes to some other PAM "
+#| "target."
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+"<quote>proxy</quote> per al canvi de contrasenya reenviat a algun altre "
+"objectiu PAM."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "Per defecte: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
-msgstr "chpass_provider (string)"
+msgstr "chpass_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2246,7 +2558,7 @@ msgstr ""
"al domini. Els proveïdors de canvi de contrasenya compatibles són:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2258,7 +2570,7 @@ msgstr ""
"configuració d'LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2269,20 +2581,20 @@ msgstr ""
"manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
-"<quote>proxy</quote> per al canvi de contrasenya re-enviat a algun altre "
-"objectiu de PAM."
+"<quote>proxy</quote> per al canvi de contrasenya reenviat a algun altre "
+"objectiu PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> rebutja els canvis de contrasenya explícitament."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2291,17 +2603,17 @@ msgstr ""
"gestionar peticions de canvi de contrasenya."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
-msgstr ""
+msgstr "sudo_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2309,32 +2621,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2345,12 +2657,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
-msgstr ""
+msgstr "selinux_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2358,7 +2670,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2366,31 +2678,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
-msgstr ""
+msgstr "subdomains_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2398,7 +2710,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2407,23 +2719,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
-msgstr ""
+msgstr "autofs_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2431,7 +2743,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2439,24 +2751,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+#, fuzzy
+#| msgid ""
+#| "<quote>ldap</quote> to change a password stored in a LDAP server. See "
+#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring LDAP."
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+"<quote>ldap</quote> per canviar una contrasenya emmagatzemada en un servidor "
+"LDAP. Vegeu <citerefentry><refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> per a més informació sobre "
+"configuració d'LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
-msgstr ""
+msgstr "hostid_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2464,12 +2793,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2479,7 +2808,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2488,40 +2817,40 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
"sign, the domain everything after that\""
msgstr ""
"Per defecte: <quote>(?P&lt;nom&gt;[^@]+)@?(?P&lt;domini&gt;[^@]*$)</quote> "
-"que es tradueix per \"el nom és qualsevol cosa fins el símbol <quote>@</"
-"quote> , el domini tot el que ve després\""
+"que es tradueix per \"el nom és tot el que hi ha fins al símbol <quote>@</"
+"quote> , el domini és tot el que hi ha després\""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2529,7 +2858,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2538,17 +2867,17 @@ msgstr ""
"sintaxi Python (?P &lt;name&gt;) a l'etiqueta subpatterns."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Per defecte: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2557,42 +2886,42 @@ msgstr ""
"realitzar cerques de DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "Valors admesos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr "ipv4_first: Intenta resoldre l'adreça IPv4, si falla, intenta IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr "ipv4_only: Intenta resoldre només noms màquina a adreces IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr "ipv6_first: Intenta resoldre l'adreça IPv6, si falla, intenta IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr "ipv6_only: Intenta resoldre només noms màquina a adreces IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "Per defecte: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2603,18 +2932,18 @@ msgstr ""
"aquest temps d'espera, el domini seguirà operant en el mode fora de línia."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Per defecte: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2623,52 +2952,52 @@ msgstr ""
"del domini de la consulta DNS del servei de descobriment."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr "Per defecte: Utilitza la part del domini del nom de màquina"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
-msgstr ""
+msgstr "override_gid (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
-msgstr ""
+msgstr "case_sensitive (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
-msgstr ""
+msgstr "True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
-msgstr ""
+msgstr "False"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2676,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2684,41 +3013,87 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr "subdomain_inherit (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2314
+msgid ""
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr "ignore_group_members"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr "ldap_purge_cache_timeout"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr "ldap_use_tokengroups"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr "ldap_user_principal"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr "Exemple: <placeholder type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
-msgstr ""
+msgstr "subdomain_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
-msgstr ""
+msgstr "%F"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2728,36 +3103,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
-msgstr ""
+msgstr "Per defecte: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
-msgstr ""
+msgstr "realmd_tags (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#| msgid "memcache_timeout (int)"
msgid "cached_auth_timeout (int)"
-msgstr "enum_cache_timeout (Enter)"
+msgstr "memcache_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2765,12 +3140,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2778,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2789,17 +3164,17 @@ msgstr ""
"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
-msgstr "El servidor intermediari on re-envia PAM."
+msgstr "El servidor intermediari on reenvia PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -2808,37 +3183,51 @@ msgstr ""
"de pam existent o crear-ne una de nova i afegir aquí el nom del servei."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
-"El nom de la biblioteca NSS per utilitzar en els servidors intermediaris de "
-"domini. Les funcions NSS buscades a la biblioteca tenen el format _nss_"
-"$(libName)_$(function), per exemple _nss_files_getpwent."
+"El nom de la biblioteca NSS per utilitzar als dominis del servidor "
+"intermediari. Les funcions NSS que se cerquen a la biblioteca tenen el "
+"format _nss_$(libName)_$(function), per exemple _nss_files_getpwent."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (booleà)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
-"Opcions vàlides per a servidors intermediaris de domini. <placeholder type="
+"Opcions vàlides per als dominis del servidor intermediari. <placeholder type="
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
-msgstr "La secció de domini local"
+msgstr "La secció del domini local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2849,77 +3238,77 @@ msgstr ""
"<replaceable>id_provider = local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
-"L'intèrpret d'ordres per defecte per als usuaris creats amb eines SSSD "
-"d'espai d'usuari."
+"El shell predeterminat per als usuaris que es creen amb eines de l'espai "
+"d'usuari de l'SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Per defecte: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
-"Les eines afegeixen el nom d'usuari a <replaceable>base_directory</"
-"replaceable> i utilitzen això com el directori d'usuari."
+"Les eines concatenen el nom d'usuari a <replaceable>base_directory</"
+"replaceable> i utilitzen aquest com el directori inicial."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "Per defecte: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Per defecte: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2927,64 +3316,64 @@ msgid ""
msgstr ""
"Utilitzat per <citerefentry><refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum></citerefentry> per especificar els permisos per "
-"defecte en un directori personal acabat de crear."
+"defecte en un directori inicial acabat de crear."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Per defecte: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>"
msgstr ""
-"El directori d'esquelet que conté fitxers i directoris per copiar al "
-"directori de personal, quan el directori personal és creat per "
+"El directori esquemàtic que conté els fitxers i els directoris per copiar al "
+"directori inicial, quan el directori inicial de l'usuari es crea amb "
"<citerefentry><refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
"manvolnum></citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Per defecte: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
"default value is used."
msgstr ""
-"El directori de cua de correu. Això és necessari per manipular la bústia de "
-"correu quan el compte d'usuari corresponent és modificat o suprimit. Si no "
-"s'especifica, s'utilitzarà un valor per defecte."
+"El directori de gestió de cues del correu. Aquest és necessari per manipular "
+"la bústia de correu quan el compte d'usuari corresponent és modificat o "
+"suprimit. Si no s'especifica, s'utilitzarà un valor per defecte."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Per defecte: <filename>/var/correu</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2995,19 +3384,19 @@ msgstr ""
"té en compte."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "Per defecte: Cap, no s'executa cap comanda"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "EXEMPLE"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3048,31 +3437,30 @@ msgstr ""
"\n"
"[domain/LDAP]\n"
"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
+"ldap_uri = ldap://ldap.exemple.com\n"
+"ldap_search_base = dc=exemple,dc=com\n"
"\n"
"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
+"krb5_server = kerberos.exemple.com\n"
+"krb5_realm = EXEMPLE.COM\n"
"cache_credentials = true\n"
"\n"
"min_id = 10000\n"
"max_id = 20000\n"
"enumerate = False\n"
-"\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
"configuring domains for more details. <placeholder type=\"programlisting\" "
"id=\"0\"/>"
msgstr ""
-"El següent exemple mostra una configuració típica d'SSSD. No descriu la "
-"configuració dels mateixos dominis - referiu-vos a la documentació de "
-"configuració de dominis per a més detalls. <placeholder type="
-"\"programlisting\" id=\"0\"/>"
+"En el següent exemple es mostra una configuració típica de l'SSSD. No es "
+"descriu la configuració dels mateixos dominis - referiu-vos a la "
+"documentació sobre la configuració dels dominis per a més detalls. "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
@@ -3082,7 +3470,7 @@ msgstr "sssd-ldap"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-ldap.5.xml:17
msgid "SSSD LDAP provider"
-msgstr ""
+msgstr "Proveïdor de LDAP de l'SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
@@ -3093,12 +3481,12 @@ msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for detailed syntax information."
msgstr ""
-"Aquesta pàgina del manual descriu la configuració de dominis LDAP per a "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</quote> de la "
-"pàgina del manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> per obtenir informació detallada de "
-"la sintaxi."
+"En aquesta pàgina del manual es descriu la configuració de dominis LDAP per "
+"a <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</"
+"quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per obtenir "
+"informació detallada de la sintaxi."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:35
@@ -3121,11 +3509,11 @@ msgstr ""
"TLS/SSL o LDAPS. L'<command>sssd</command> <emphasis>no</emphasis> suporta "
"autenticació sobre un canal sense xifrar. Si el servidor de LDAP s'utilitza "
"només com a un proveïdor d'identitats, no és necessari un canal xifrat. Si "
-"us plau refereiu-vos a l'opció <quote>ldap_access_filter</quote> per a més "
+"us plau, refereiu-vos a l'opció <quote>ldap_access_filter</quote> per a més "
"informació sobre l'ús d'LDAP com un proveïdor d'accés."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "OPCIONS DE CONFIGURACIÓ"
@@ -3133,7 +3521,7 @@ msgstr "OPCIONS DE CONFIGURACIÓ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:60
msgid "ldap_uri, ldap_backup_uri (string)"
-msgstr ""
+msgstr "ldap_uri, ldap_backup_uri (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:63
@@ -3153,7 +3541,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:73
msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
+msgstr "ldap[s]://&lt;host&gt;[:port]"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:76
@@ -3164,12 +3552,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:79
msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
+msgstr "exemple: ldap://[fc00::126:25]:389"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:85
msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
-msgstr ""
+msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:88
@@ -3228,10 +3616,10 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
-msgstr ""
+msgstr "Exemples:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:129
@@ -3246,6 +3634,8 @@ msgid ""
"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
"(host=thishost)?dc=example.com?subtree?"
msgstr ""
+"ldap_search_base = cn=host_specific,dc=exemple,dc=com?subtree?"
+"(host=thishost)?dc=exemple.com?subtree?"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:137
@@ -3288,22 +3678,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ldap.5.xml:172
msgid "rfc2307"
-msgstr ""
+msgstr "rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ldap.5.xml:177
msgid "rfc2307bis"
-msgstr ""
+msgstr "rfc2307bis"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ldap.5.xml:182
msgid "IPA"
-msgstr ""
+msgstr "IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ldap.5.xml:187
msgid "AD"
-msgstr ""
+msgstr "AD"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:193
@@ -3360,7 +3750,7 @@ msgstr "obfuscated_password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:235
msgid "Default: password"
-msgstr ""
+msgstr "Per defecte: password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:241
@@ -3461,7 +3851,7 @@ msgstr "ldap_user_home_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:318
msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr "L'atribut LDAP que conté el nom del directori personal de l'usuari."
+msgstr "L'atribut LDAP que conté el nom del directori inicial de l'usuari."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:322
@@ -3486,7 +3876,7 @@ msgstr "Per defecte: loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:341
msgid "ldap_user_uuid (string)"
-msgstr ""
+msgstr "ldap_user_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:344
@@ -3503,7 +3893,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:355
msgid "ldap_user_objectsid (string)"
-msgstr ""
+msgstr "ldap_user_objectsid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:358
@@ -3523,7 +3913,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -3532,7 +3922,7 @@ msgstr ""
"pare."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "Per defecte: modifyTimestamp"
@@ -3718,7 +4108,7 @@ msgstr "Per defecte: krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:525
msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
+msgstr "ldap_user_ad_account_expires (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:528
@@ -3730,12 +4120,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:533
msgid "Default: accountExpires"
-msgstr ""
+msgstr "Per defecte: accountExpires"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:539
msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
+msgstr "ldap_user_ad_user_account_control (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:542
@@ -3747,12 +4137,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:547
msgid "Default: userAccountControl"
-msgstr ""
+msgstr "Per defecte: userAccountControl"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:553
msgid "ldap_ns_account_lock (string)"
-msgstr ""
+msgstr "ldap_ns_account_lock (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:556
@@ -3769,7 +4159,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:567
msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_disabled (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:570
@@ -3781,12 +4171,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588
msgid "Default: loginDisabled"
-msgstr ""
+msgstr "Per defecte: loginDisabled"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:580
msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_expiration_time (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:583
@@ -3798,7 +4188,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:594
msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_allowed_time_map (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:597
@@ -3810,7 +4200,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:602
msgid "Default: loginAllowedTimeMap"
-msgstr ""
+msgstr "Per defecte: loginAllowedTimeMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:608
@@ -3834,7 +4224,7 @@ msgstr "Per defecte: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:621
msgid "ldap_user_extra_attrs (string)"
-msgstr ""
+msgstr "ldap_user_extra_attrs (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:624
@@ -3864,7 +4254,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:649
msgid "ldap_user_extra_attrs = telephoneNumber"
-msgstr ""
+msgstr "ldap_user_extra_attrs = telephoneNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:652
@@ -3876,7 +4266,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:656
msgid "ldap_user_extra_attrs = phone:telephoneNumber"
-msgstr ""
+msgstr "ldap_user_extra_attrs = phone:telephoneNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:659
@@ -3888,7 +4278,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:669
msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
+msgstr "ldap_user_ssh_public_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:672
@@ -3898,7 +4288,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:676
msgid "Default: sshPublicKey"
-msgstr ""
+msgstr "Per defecte: sshPublicKey"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:682
@@ -3933,7 +4323,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:712
msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
+msgstr "ldap_purge_cache_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:715
@@ -3966,8 +4356,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "L'atribut LDAP que correspon al nom complet de l'usuari."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "Per defecte: cn"
@@ -4008,7 +4398,7 @@ msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
-"Una denegació explícita (! svc) es resol en primer lloc. En segon lloc, "
+"Una denegació explícita (!svc) es resol en primer lloc. En segon lloc, "
"l'SSSD cerca autoritzacions explícites (svc) i, finalment, allow_all (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -4027,7 +4417,7 @@ msgstr "Per defecte: authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:790
msgid "ldap_user_authorized_host (string)"
-msgstr ""
+msgstr "ldap_user_authorized_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:793
@@ -4060,7 +4450,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:817
msgid "ldap_user_certificate (string)"
-msgstr ""
+msgstr "ldap_user_certificate (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:820
@@ -4125,7 +4515,7 @@ msgstr "Per defecte: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:882
msgid "ldap_group_uuid (string)"
-msgstr ""
+msgstr "ldap_group_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:885
@@ -4135,7 +4525,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:896
msgid "ldap_group_objectsid (string)"
-msgstr ""
+msgstr "ldap_group_objectsid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:899
@@ -4152,7 +4542,7 @@ msgstr "ldap_group_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:924
msgid "ldap_group_type (integer)"
-msgstr ""
+msgstr "ldap_group_type (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:927
@@ -4176,22 +4566,42 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_member (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_member (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
-"Si ldap_schema s'estableix a un format d'esquema que suporta grups niats (p. "
-"ex. RFC2307bis), llavors aquest opció controla quants nivells de nidificació "
-"seguirà l'SSSD. Aquesta opció no té cap efecte sobre l'esquema RFC2307."
+"Si ldap_schema s'estableix a un format d'esquema que admeti els grups niats "
+"(p. ex. RFC2307bis), llavors aquesta opció controla quants nivells de "
+"nidificació seguirà l'SSSD. Aquesta opció no té cap efecte sobre l'esquema "
+"RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4201,26 +4611,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "Per defecte: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4228,14 +4639,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4243,7 +4654,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4251,19 +4662,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4271,169 +4676,169 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr "La classe d'objecte d'una entrada de netgroup a LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr "Per defecte: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "L'atribut LDAP que es correspon amb el nom del netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "L'atribut LDAP que conté els noms dels membres del netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr "Per defecte: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
"L'atribut LDAP que conté les tripletes netgroup (maquina, usuari, domini)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "Per defecte: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
-msgstr ""
+msgstr "ldap_service_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
-msgstr ""
+msgstr "Per defecte: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
-msgstr ""
+msgstr "ldap_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
-msgstr ""
+msgstr "ldap_service_port (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
-msgstr ""
+msgstr "Per defecte: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
-msgstr ""
+msgstr "ldap_service_proto (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
-msgstr ""
+msgstr "Per defecte: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
-msgstr ""
+msgstr "ldap_service_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4441,7 +4846,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4449,12 +4854,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
+msgstr "ldap_enumeration_search_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4462,12 +4867,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4484,12 +4889,12 @@ msgstr ""
"manvolnum></citerefentry> retorna en cas de cap activitat."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4498,12 +4903,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
+msgstr "ldap_connection_expire_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4512,34 +4917,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
-msgstr ""
+msgstr "Per defecte: 900 (15 minuts)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
-msgstr ""
+msgstr "ldap_page_size (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
-msgstr ""
+msgstr "Per defecte: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
-msgstr ""
+msgstr "ldap_disable_paging (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4547,14 +4952,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4562,17 +4967,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
-msgstr ""
+msgstr "ldap_disable_range_retrieval (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4582,12 +4987,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
-msgstr ""
+msgstr "ldap_sasl_minssf (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4595,17 +5000,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
-msgstr ""
+msgstr "ldap_deref_threshold (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4613,13 +5018,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4628,7 +5033,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4636,12 +5041,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -4651,7 +5056,7 @@ msgstr ""
"valors següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -4660,7 +5065,7 @@ msgstr ""
"certificat del servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4672,7 +5077,7 @@ msgstr ""
"normalment."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4683,7 +5088,7 @@ msgstr ""
"proporciona un certificat dolent, immediatament s'acaba la sessió."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4694,22 +5099,22 @@ msgstr ""
"immediatament s'acaba la sessió."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "Per defecte: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -4718,7 +5123,7 @@ msgstr ""
"Certificació que reconeixerà l'<command>sssd</command>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -4727,12 +5132,12 @@ msgstr ""
"<filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4746,32 +5151,32 @@ msgstr ""
"correctes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
-msgstr ""
+msgstr "ldap_tls_cert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
-msgstr ""
+msgstr "ldap_tls_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
+msgstr "ldap_tls_cipher_suite (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4779,12 +5184,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -4793,12 +5198,12 @@ msgstr ""
"class=\"protocol\">tls</systemitem> per a protegir el canal."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
-msgstr ""
+msgstr "ldap_id_mapping (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4806,17 +5211,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
-msgstr ""
+msgstr "ldap_min_id, ldap_max_id (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4827,17 +5232,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -4846,12 +5251,12 @@ msgstr ""
"i suportat."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4860,17 +5265,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
-msgstr ""
+msgstr "ldap_sasl_realm (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4878,82 +5283,82 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
-msgstr ""
+msgstr "Per defecte: el valor de krb5_realm."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
+msgstr "ldap_sasl_canonicalize (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
-msgstr ""
+msgstr "Per defecte: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Especifica el fitxer keytab a utilitzar quan s'utilitza SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
"GSSAPI."
msgstr ""
-"Especifica que el id_provider hauria d'iniciar les credencials del Kerberos "
-"(TGT). Aquesta acció es realitza només si s'utilitza SASL i el mecanisme "
+"Especifica que id_provider ha d'iniciar les credencials del Kerberos (TGT). "
+"Aquesta acció únicament es realitza si s'utilitza SASL i el mecanisme "
"seleccionat és GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Especifica el temps de vida en segons de la TGT si s'utilitza GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Per defecte: 86400 (24 hores)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
-msgstr ""
+msgstr "krb5_server, krb5_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4965,64 +5370,64 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
"none are found."
msgstr ""
-"En utilitzar el servei de descobriment per a servidors KDC o kpasswd, l'SSSD "
-"primer cerca les entrades DNS que especifiquen _udp com el protocol i "
+"Quan s'utilitza el servei de descobriment per als servidors KDC o kpasswd, "
+"l'SSSD primer cerca les entrades DNS que especifiquen _udp com el protocol i "
"retorna a _tcp si no se'n troba cap."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
"migrate their config files to use <quote>krb5_server</quote> instead."
msgstr ""
"Aquesta opció s'anomenava <quote>krb5_kdcip</quote> en les primeres versions "
-"d'SSSD. Mentre que el nom antic és reconegut de moment, s'aconsella als "
-"usuaris que migrain els seus fitxers de configuració per utilitzar "
+"de l'SSSD. Mentre que el nom antic és reconegut de moment, s'aconsella als "
+"usuaris que migrin els seus fitxers de configuració per utilitzar "
"<quote>krb5_server</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr "Especifica l'àmbit KERBEROS (per a autenticació SASL/GSSAPI)."
+msgstr "Especifica l'àmbit KERBEROS (per a l'autenticació SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/"
"krb5.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
-msgstr ""
+msgstr "krb5_canonicalize (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
-msgstr ""
+msgstr "krb5_use_kdcinfo (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5032,7 +5437,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5040,12 +5445,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -5054,7 +5459,7 @@ msgstr ""
"costat del client. S'admeten els valors següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -5063,7 +5468,7 @@ msgstr ""
"opció no inhabilita les polítiques de contrasenya de servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5071,7 +5476,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5083,34 +5488,34 @@ msgstr ""
"contrasenya."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
"Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
-"Si us plau fixi's que l'sssd només suporta el seguiment del referenciador "
-"quan és compilat amb la versió d'OpenLDAP 2.4.13 o superior."
+"Tingueu en compte que l'sssd només admet l'encadenament de les referències "
+"quan es compila amb la versió 2.4.13 o superiors d'OpenLDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5119,61 +5524,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Especifica el nom de servei per utilitzar quan està habilitada la detecció "
"de serveis."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "Per defecte: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
-"Especifica el nom de servei a utilitzar per trobar un servidor LDAP que "
-"permet canvis de contrasenya quan està habilitada la detecció de serveis."
+"Especifica el nom del servei a utilitzar per trobar un servidor LDAP que "
+"permeti els canvis de contrasenyes quan estigui habilitat el descobriment "
+"dels serveis."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
"Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
-msgstr ""
+msgstr "ldap_chpass_update_last_change (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5189,12 +5595,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "Exemple:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5203,37 +5609,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
"access during their last login, they will continue to be granted access "
"while offline and vice-versa."
msgstr ""
-"La memòria cau fora de línia per a aquesta característica es limita a "
-"determinar si el darrer inici de sessió d'usuari va concedir permís d'accés. "
-"Si es var concedir accés durant el seu últim inici de sessió, es continuarà "
-"concedint accés en estar fora de línia i viceversa."
+"La memòria auxiliar sense connexió per a aquesta característica es limita a "
+"determinar si el darrer inici de sessió de l'usuari amb connexió es va "
+"concedir el permís d'accés. Si es va concedir l'accés durant el seu últim "
+"inici de sessió, es continuarà concedint l'accés mentre s'estigui "
+"desconnectat i viceversa."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr "Per defecte: Buit"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5242,7 +5649,7 @@ msgstr ""
"d'atributs de control d'accés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5254,12 +5661,12 @@ msgstr ""
"contrasenya és correcta."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "S'admeten els valors següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5268,7 +5675,7 @@ msgstr ""
"determinar si el compte ha caducat."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5277,7 +5684,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5285,7 +5692,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5294,7 +5701,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5302,24 +5709,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
-"Llista separada per comes d'opcions de control d'accés. Els valors permesos "
+"Llista separada per comes d'opcions de control d'accés. Els valors permesos "
"són:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5329,14 +5736,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5349,12 +5756,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5364,7 +5771,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5374,20 +5781,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5396,17 +5803,17 @@ msgstr ""
"authorizedService per determinar l'accés"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Per defecte: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -5415,12 +5822,12 @@ msgstr ""
"s'utilitza més d'una vegada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
-msgstr ""
+msgstr "ldap_pwdlockout_dn (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5429,37 +5836,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
-msgstr ""
+msgstr "Exemple: cn=ppolicy,ou=policies,dc=exemple,dc=com"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
-msgstr ""
+msgstr "Per defecte: cn=ppolicy,ou=policies,$ldap_search_base"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
-"Especifica com la eliminació de referències d'àlies es fa en realitzar una "
-"cerca. S'admeten les opcions següents:"
+"Especifica com es realitza l'eliminació de les referències dels àlies quan "
+"es fa una cerca. S'admeten les opcions següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
"<emphasis>never</emphasis>: les referències dels àlies mai són eliminades."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -5469,7 +5876,7 @@ msgstr ""
"de la cerca."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -5478,7 +5885,7 @@ msgstr ""
"només en localitzar l'objecte base de la cerca."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -5487,7 +5894,7 @@ msgstr ""
"en la recerca i en la localització de l'objecte base de la cerca."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -5496,19 +5903,19 @@ msgstr ""
"biblioteques de client LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
-msgstr ""
+msgstr "ldap_rfc2307_fallback_to_local_users (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5519,7 +5926,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5527,26 +5934,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5567,12 +5974,12 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
-msgstr ""
+msgstr "OPCIONS DE SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5580,208 +5987,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
-msgstr ""
+msgstr "ldap_sudorule_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
-msgstr ""
+msgstr "Per defecte: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
-msgstr ""
+msgstr "ldap_sudorule_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
-msgstr ""
+msgstr "ldap_sudorule_command (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
-msgstr ""
+msgstr "Per defecte: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
-msgstr ""
+msgstr "ldap_sudorule_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
-msgstr ""
+msgstr "Per defecte: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
-msgstr ""
+msgstr "ldap_sudorule_user (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
-msgstr ""
+msgstr "Per defecte: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
-msgstr ""
+msgstr "ldap_sudorule_option (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
-msgstr ""
+msgstr "Per defecte: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
+msgstr "ldap_sudorule_runasuser (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
-msgstr ""
+msgstr "Per defecte: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
+msgstr "ldap_sudorule_runasgroup (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
-msgstr ""
+msgstr "Per defecte: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
+msgstr "ldap_sudorule_notbefore (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
-msgstr ""
+msgstr "Per defecte: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
-msgstr ""
+msgstr "ldap_sudorule_notafter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
-msgstr ""
+msgstr "Per defecte: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
-msgstr ""
+msgstr "ldap_sudorule_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
-msgstr ""
+msgstr "Per defecte: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
-msgstr ""
+msgstr "ldap_sudo_full_refresh_interval (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
-msgstr ""
+msgstr "Per defecte: 21600 (6 hores)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
-msgstr ""
+msgstr "ldap_sudo_smart_refresh_interval (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5789,101 +6196,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
-msgstr ""
+msgstr "ldap_sudo_use_host_filter (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
-msgstr ""
+msgstr "ldap_sudo_hostnames (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
-msgstr ""
+msgstr "ldap_sudo_ip (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
-msgstr ""
+msgstr "ldap_sudo_include_netgroups (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
-msgstr ""
+msgstr "ldap_sudo_include_regexp (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5892,114 +6299,114 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
-msgstr ""
+msgstr "OPCIONS D'AUTOFS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
-msgstr ""
+msgstr "ldap_autofs_map_master_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
-msgstr ""
+msgstr "Per defecte: auto.master"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
+msgstr "ldap_autofs_map_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
-msgstr ""
+msgstr "Per defecte: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
-msgstr ""
+msgstr "ldap_autofs_map_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr "Per defecte: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
+msgstr "ldap_autofs_entry_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
-#| msgid "Default: root"
+#| msgid "Default: automountMap"
msgid "Default: automount"
-msgstr "Per defecte: root"
+msgstr "Per defecte: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
-msgstr ""
+msgstr "ldap_autofs_entry_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr "Per defecte: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
-msgstr ""
+msgstr "ldap_autofs_entry_value (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6008,32 +6415,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "OPCIONS AVANÇADES"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
-msgstr ""
+msgstr "<note>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -6042,22 +6449,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
-msgstr ""
+msgstr "</note>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
-msgstr ""
+msgstr "ldap_sudo_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
-msgstr ""
+msgstr "ldap_autofs_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -6066,7 +6473,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6077,7 +6484,7 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6090,26 +6497,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6125,13 +6532,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6141,7 +6548,7 @@ msgstr ""
"Les descripcions d'algunes de les opcions de configuració en aquesta pàgina "
"del manual es basen en la pàgina del manual <citerefentry>de "
"<refentrytitle>ldap.conf</refentrytitle> <manvolnum>5</manvolnum></"
-"citerefentry> de la distribució de OpenLDAP 2.4."
+"citerefentry> de la distribució d'OpenLDAP 2.4."
#. type: Content of: <refentryinfo>
#: pam_sss.8.xml:8 include/upstream.xml:2
@@ -6149,8 +6556,8 @@ msgid ""
"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
"fedorahosted.org/sssd</orgname>"
msgstr ""
-"<productname>SSSD</productname> <orgname>La font de l'SSSD - http://"
-"fedorahosted.org/sssd</orgname>"
+"<productname>SSSD</productname> <orgname>La línia de desenvolupament "
+"principal de l'SSSD - http://fedorahosted.org/sssd</orgname>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: pam_sss.8.xml:13 pam_sss.8.xml:18
@@ -6164,6 +6571,17 @@ msgstr "Mòdul de PAM per SSSD"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:24
+#, fuzzy
+#| msgid ""
+#| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> "
+#| "</arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> "
+#| "</arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>domains=X</"
+#| "replaceable> </arg>"
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
@@ -6172,90 +6590,99 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
+"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
msgstr ""
-"<command>pam_sss.so</command> és la interfície PAM pel System Security "
-"Services daemon (SSSD). Els errors i els resultats es registren a través de "
+"<command>pam_sss.so</command> és la interfície PAM a l'SSSD (System Security "
+"Services daemon). Els errors i els resultats es registren a través de "
"<command>syslog(3)</command> amb el canal LOG_AUTHPRIV."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
-msgstr ""
+msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
-msgstr ""
+msgstr "Suprimeix el registre dels missatges per als usuaris desconeguts."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
-"Si s'estableix <option>forward_pass</option> contrasenya introduïda és posa "
-"a la pila per tal que altres mòduls PAM l'utilitzin."
+"Si s'estableix <option>forward_pass</option>, la contrasenya que "
+"s'introdueix es posa a la pila perquè els altres mòduls del PAM l'utilitzin."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
"available or the password is not appropriate, the user will be denied access."
msgstr ""
-"L'argument use_first_pass força al mòdul a utilitzar una contrasenya apliada "
-"als mòduls anteriors i mai demanarà l'usuari - si no hi ha cap contrasenya o "
-"la contrasenya no és correcte, se li negarà l'accés a l'usuari."
+"L'argument use_first_pass obliga al mòdul que utilitzi una contrasenya "
+"apilada anteriorment dels mòduls i mai ho demanarà l'usuari - si no hi ha "
+"cap contrasenya o no és correcta, es denegarà l'accés a l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
-"Quan el canvi de contrasenya força al mòdul a establir la contrasenya nova a "
+"Quan el canvi de contrasenya força al mòdul a establir la nova contrasenya a "
"la proporcionada per un mòdul de contrasenya prèviament apilat."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
-"Si s'especifica l'usuari serà demanat N vegades més per una contrasenya en "
-"cas de fallar l'autenticació. Per defecte és 0."
+"Si s'especifica, en cas de fallar l'autenticació a l'usuari se li demanarà N "
+"vegades més una contrasenya. Per defecte és 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6267,44 +6694,52 @@ msgstr ""
"<option>PasswordAuthentication</option>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
-msgstr ""
+msgstr "<option>ignore_unknown_user</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
+"Si s'especifica aquesta opció i no existeix l'usuari, el mòdul PAM retornarà "
+"PAM_IGNORE. Això provoca que el marc de treball del PAM ignori aquest mòdul."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
-msgstr ""
+msgstr "<option>ignore_authinfo_unavail</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
+"Especifica que el mòdul PAM ha de retornar PAM_IGNORE si no pot contactar "
+"amb el domini SSSD. Això provoca que el marc de treball del PAM ignori "
+"aquest mòdul."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
-msgstr ""
+msgstr "<option>domains</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
"SSSD domain names, as specified in the sssd.conf file."
msgstr ""
+"Permet a l'administrador que restringeixi els dominis que un servei PAM "
+"concret pot autentificar-s'hi. El format és una llista separada per comes "
+"dels noms dels dominis SSSD, com s'especifica al fitxer sssd.conf."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -6312,40 +6747,78 @@ msgid ""
"manvolnum> </citerefentry> manual page for more information on these two PAM "
"responder options."
msgstr ""
+"NOTA: Ha d'utilitzar-se juntament amb les opcions <quote>pam_trusted_users</"
+"quote> i <quote>pam_public_domains</quote>. Si us plau, vegeu la pàgina del "
+"manual de <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> per a més informació sobre aquestes "
+"dues opcions del contestador del PAM."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>domains</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>domains</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
-msgstr "MÒDUL TIPUS PROPORCIONATS"
+msgstr "TIPUS DE MÒDULS PROPORCIONATS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
-"S'ofereixen tots els tipus de mòdul (<option>compte</option>, <option>auth</"
-"option>, <option>contrasenya</option> i <option>sessió</option>)."
+"Es proporcionen tots els tipus de mòduls (<option>account</option>, "
+"<option>auth</option>, <option>password</option> i <option>session</option>)."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "FITXERS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
"This message can e.g. contain instructions about how to reset a password."
msgstr ""
-"Si una contrasenya reinicialitzada per root falla, degut a que el proveïdor "
-"SSSD corresponent no suporta reinicialitzar contrasenyes, es pot mostrar un "
-"missatge concret. Aquest missatge pot contenir, per exemple, instruccions "
-"sobre com restaurar una contrasenya."
+"Si falla el restabliment d'una contrasenya per root, perquè el proveïdor "
+"SSSD corresponent no admet el restabliment de les contrasenyes, es pot "
+"mostrar un missatge concret. Aquest missatge per exemple pot contenir les "
+"instruccions sobre com es restableix una contrasenya."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -6355,17 +6828,25 @@ msgid ""
"the owner of the files and only root may have read and write permissions "
"while all other users must have only read permissions."
msgstr ""
+"El missatge es llegeix del fitxer <filename>pam_sss_pw_reset_message.LOC</"
+"filename> on LOC representa una cadena de la configuració regional retornada "
+"amb <citerefentry> <refentrytitle>setlocale</refentrytitle><manvolnum>3</"
+"manvolnum> </citerefentry>. Si no hi ha cap coincidència, es mostra el "
+"contingut del fitxer <filename>pam_sss_pw_reset_message.txt</filename>. El "
+"propietari dels fitxers ha de ser root i tan sols root ha de tenir els "
+"permisos de lectura i escriptura, mentre que tots els altres usuaris "
+"únicament han de tenir els permisos de lectura."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
"displayed."
msgstr ""
-"Aquests fitxers són buscat al directori <filename>/etc/sssd/customize/"
-"NOM_DE_DOMINI/</filename>. Si no es troba cap fitxer coincident es mostrarà "
-"un missatge genèric."
+"Aquests fitxers se cerquen al directori <filename>/etc/sssd/customize/"
+"NOM_DOMINI/</filename>. Si no hi ha present cap fitxer que hi coincideixi, "
+"es mostrarà un missatge genèric."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
@@ -6411,10 +6892,10 @@ msgid ""
"<command>sssd_krb5_locator_plugin</command> is not available on your system "
"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
msgstr ""
-"No totes les implementacions Kerberos suporten l'ús d'afegitons. Si "
-"<command>sssd_krb5_locator_plugin</command> no està disponible al seu "
-"sistema heu d'editar /etc/krb5.conf per reflectir la seva configuració de "
-"Kerberos."
+"No totes les implementacions del Kerberos admeten l'ús de connectors. Si "
+"<command>sssd_krb5_locator_plugin</command> no estigués disponible al vostre "
+"sistema, heu d'editar /etc/krb5.conf per reflectir la vostra configuració "
+"del Kerberos."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:69
@@ -6432,7 +6913,8 @@ msgstr "sssd-simple"
#: sssd-simple.5.xml:17
msgid "the configuration file for SSSD's 'simple' access-control provider"
msgstr ""
-"el fitxer de configuració per al proveïdor 'simple' de control d'accés d'SSSD"
+"el fitxer de configuració per al proveïdor de control d'accés 'simple' de "
+"l'SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:24
@@ -6444,12 +6926,12 @@ msgid ""
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> manual page."
msgstr ""
-"Aquesta pàgina del manual descriu la configuració del proveïdor senzill de "
-"control d'accés per <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum></citerefentry>. Per una referència detallada de la "
-"sintaxi, aneu a la secció de <quote>FORMAT DE FITXER</quote> de la pàgina "
-"del manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry>."
+"En aquesta pàgina del manual es descriu la configuració del proveïdor de "
+"control d'accés simple per a <citerefentry> <refentrytitle>sssd</"
+"refentrytitle> <manvolnum>8</manvolnum></citerefentry>. Per a una "
+"referència detallada de la sintaxi, aneu a la secció <quote>FORMAT DEL "
+"FITXER</quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:38
@@ -6457,13 +6939,14 @@ msgid ""
"The simple access provider grants or denies access based on an access or "
"deny list of user or group names. The following rules apply:"
msgstr ""
-"El proveïdor d'accés simple accepta o nega l'accés basat en una llista "
-"d'accés o denegació de noms d'usuari grups. S'apliquen les regles següents:"
+"El proveïdor d'accés simple concedeix o denega l'accés basat en una llista "
+"d'accés o denegació dels noms dels usuaris o dels noms dels grups. "
+"S'apliquen les regles següents:"
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:43
msgid "If all lists are empty, access is granted"
-msgstr "Si totes les llistes estan buides, s'accepta l'accés"
+msgstr "Si totes les llistes estan buides, es concedeix l'accés"
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:47
@@ -6471,9 +6954,9 @@ msgid ""
"If any list is provided, the order of evaluation is allow,deny. This means "
"that any matching deny rule will supersede any matched allow rule."
msgstr ""
-"Si es proporciona alguna llista, l'ordre d'avaluació és accpetar, denegar. "
-"Això significa que qualsevol regla de denegació explícita substituirà "
-"qualsevol regla d'accés."
+"Si es proporciona alguna llista, l'ordre d'avaluació és permissió, "
+"denegació. Això vol dir que qualsevol coincidència amb la regla de denegació "
+"reemplaçarà qualsevol coincidència amb la regla de permissió."
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:54
@@ -6481,8 +6964,8 @@ msgid ""
"If either or both \"allow\" lists are provided, all users are denied unless "
"they appear in the list."
msgstr ""
-"Si es proporcionen una o ambdues llistes d'acceptació tots els usuaris són "
-"denegats excepte els que apareixen a la llista."
+"Si es proporcionen una o ambdues llistes de \"permissió\", tots els usuaris "
+"són denegats excepte els que apareixen a la llista."
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:60
@@ -6490,8 +6973,8 @@ msgid ""
"If only \"deny\" lists are provided, all users are granted access unless "
"they appear in the list."
msgstr ""
-"Si només es proporcionen llistes de \"denegació\" tots els usuaris tenen "
-"accés excepte els que apareixen a la llista."
+"Si només es proporcionen llistes de \"denegació\", es concedeix l'accés a "
+"tots els usuaris excepte els que apareixen a la llista."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:78
@@ -6501,7 +6984,8 @@ msgstr "simple_allow_users (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:81
msgid "Comma separated list of users who are allowed to log in."
-msgstr "Llista separada per comes d'usuaris amb permís per iniciar sessió."
+msgstr ""
+"Llista separada per comes dels usuaris a qui se'ls permet iniciar la sessió."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:88
@@ -6512,8 +6996,8 @@ msgstr "simple_deny_users (cadena)"
#: sssd-simple.5.xml:91
msgid "Comma separated list of users who are explicitly denied access."
msgstr ""
-"Llista separada per comes d'usuaris amb denegació explícita per iniciar "
-"sessió."
+"Llista separada per comes dels usuaris a qui se'ls denega explícitament "
+"l'accés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:97
@@ -6526,8 +7010,9 @@ msgid ""
"Comma separated list of groups that are allowed to log in. This applies only "
"to groups within this SSSD domain. Local groups are not evaluated."
msgstr ""
-"Llista separada per comes de grups que se'ls permet l'entrada. Això s'aplica "
-"només a grups d'aquest domini SSSD. No s'avaluen els grups locals."
+"Llista separada per comes dels grups a qui se'ls permet iniciar la sessió. "
+"Això s'aplica únicament als grups dins d'aquest domini SSSD. No s'avaluen "
+"els grups locals."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:108
@@ -6541,22 +7026,22 @@ msgid ""
"applies only to groups within this SSSD domain. Local groups are not "
"evaluated."
msgstr ""
-"Llista separada per comes de grups que tenen l'accés explícitament denegat. "
-"Això s'aplica només a grups d'aquest domini SSSD. No s'avaluen els grups "
-"locals."
+"Llista separada per comes dels grups a qui se'ls denega explícitament "
+"l'accés. Això s'aplica únicament als grups dins d'aquest domini SSSD. No "
+"s'avaluen els grups locals."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> manual page for details on the configuration of an SSSD "
"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
-"Consulteu la secció <quote>SECCIONS DE DOMINI</quote> de la pàgina del "
-"manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> per a més informació sobre la configuració d'un "
-"domini SSSD. <placeholder type=\"variablelist\" id=\"0\"/>"
+"Per a més informació sobre la configuració d'un domini SSSD, consulteu la "
+"secció <quote>SECCIONS DELS DOMINIS</quote> de la pàgina del manual "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:120
@@ -6582,10 +7067,10 @@ msgid ""
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
"This examples shows only the simple access provider-specific options."
msgstr ""
-"L'exemple següent pressuposa que l'SSSD està configurat correctament i "
-"example.com és un dels dominis de la secció <replaceable>[sssd]</"
-"replaceable>. Aquest exemple mostra només les opcions d'accés simple "
-"específiques del proveïdor."
+"En el següent exemple s'assumeix que l'SSD està configurat correctament i "
+"que exemple.com és un dels dominis de la secció <replaceable>[sssd]</"
+"replaceable>. En aquest exemple es mostren únicament les opcions "
+"específiques del proveïdor d'accés simple."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-simple.5.xml:140
@@ -6595,6 +7080,9 @@ msgid ""
"access_provider = simple\n"
"simple_allow_users = user1, user2\n"
msgstr ""
+"[domini/exemple.com]\n"
+"access_provider = simple\n"
+"simple_allow_users = usuari1, usuari2\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:150
@@ -6606,6 +7094,13 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
"citerefentry>) option."
msgstr ""
+"La jerarquia completa de la pertinença a un grup es resol abans de la "
+"comprovació de l'accés, de manera que fins i tot els grups imbricats es "
+"poden incloure a les llistes d'accés. Si us plau, tingueu cura que l'opció "
+"<quote>ldap_group_nesting_level</quote> pot influir amb els resultats i s'ha "
+"d'establir amb un valor suficient. L'opció (<citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>)."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
@@ -6615,7 +7110,7 @@ msgstr "sssd-ipa"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-ipa.5.xml:17
msgid "SSSD IPA provider"
-msgstr ""
+msgstr "Proveïdor d'IPA de l'SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
@@ -6626,10 +7121,10 @@ msgid ""
"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
-"Aquesta pàgina del manual descriu la configuració del proveïdor IPA per "
-"<citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry>. Per una referència detallada sintaxi, aneu a la secció de "
-"<quote>FORMAT DE FITXER</quote> de la pàgina del manual "
+"En aquesta pàgina del manual es descriu la configuració del proveïdor IPA "
+"per a <citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry>. Per una referència detallada sintaxi, aneu a la "
+"secció de <quote>FORMAT DE FITXER</quote> de la pàgina del manual "
"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum></citerefentry>."
@@ -6641,11 +7136,11 @@ msgid ""
"requires that the machine be joined to the IPA domain; configuration is "
"almost entirely self-discovered and obtained directly from the server."
msgstr ""
-"El proveïdor d'IPA és un back-end utilitzat per connectar a un servidor "
-"d'IPA. (Consuleteu el lloc web freeipa.org per obtenir informació sobre "
-"servidors IPA). Aquest proveïdor requereix afegir la màquina al domini "
-"d'IPA; la configuració s'auto-detecta gairebé totalment i s'obté directament "
-"des del servidor."
+"El proveïdor d'IPA és un programari especialitzat que s'utilitza per "
+"connectar a un servidor IPA. (Consulteu el lloc web freeipa.org per obtenir "
+"informació sobre els servidors IPA). Aquest proveïdor requereix que "
+"s'afegeixi la màquina al domini d'IPA; la configuració s'autodescobreix "
+"gairebé totalment i s'obté directament del servidor."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:43
@@ -6686,13 +7181,13 @@ msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
-"Especifica el nom del domini IPA. Això és opcional. Si no s'especifica "
+"Especifica el nom del domini IPA. És opcional. Si no se n'especifica cap, "
"s'utilitza el nom de domini de la configuració."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:89
msgid "ipa_server, ipa_backup_server (string)"
-msgstr ""
+msgstr "ipa_server, ipa_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:92
@@ -6707,7 +7202,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:105
msgid "ipa_hostname (string)"
-msgstr "ipa_hostname (cadeba)"
+msgstr "ipa_hostname (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:108
@@ -6719,22 +7214,22 @@ msgstr ""
"complet utilitzat en el domini d'IPA per identificar aquest amfitrió."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
-msgstr ""
+msgstr "dyndns_update (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6749,12 +7244,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
-msgstr ""
+msgstr "dyndns_ttl (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6775,12 +7270,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
-msgstr ""
+msgstr "dyndns_iface (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6806,17 +7301,17 @@ msgid ""
msgstr "Per defecte: Utilitzar l'adreça IP de la connexió LDAP d'IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:191
msgid "ipa_enable_dns_sites (boolean)"
-msgstr ""
+msgstr "ipa_enable_dns_sites (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6833,12 +7328,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
-msgstr ""
+msgstr "dyndns_refresh_interval (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6846,12 +7341,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
-msgstr ""
+msgstr "dyndns_update_ptr (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6867,62 +7362,62 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:247
msgid "Default: False (disabled)"
-msgstr ""
+msgstr "Per defecte: False (inhabilitat)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
-msgstr ""
+msgstr "dyndns_force_tcp (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
-#| msgid "ldap_dns_service_name (string)"
+#| msgid "dyndns_iface (string)"
msgid "dyndns_server (string)"
-msgstr "ldap_dns_service_name (cadena)"
+msgstr "dyndns_iface (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:290
msgid "ipa_hbac_search_base (string)"
-msgstr ""
+msgstr "ipa_hbac_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:293
@@ -6932,12 +7427,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:297
msgid "Default: Use base DN"
-msgstr ""
+msgstr "Per defecte: Utilitza el DN base"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:303
msgid "ipa_host_search_base (string)"
-msgstr ""
+msgstr "ipa_host_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:306
@@ -6960,7 +7455,7 @@ msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:322
msgid "ipa_selinux_search_base (string)"
-msgstr ""
+msgstr "ipa_selinux_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:325
@@ -6970,7 +7465,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:341
msgid "ipa_subdomains_search_base (string)"
-msgstr ""
+msgstr "ipa_subdomains_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:344
@@ -6985,7 +7480,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:360
msgid "ipa_master_domain_search_base (string)"
-msgstr ""
+msgstr "ipa_master_domain_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:363
@@ -7000,7 +7495,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:379
msgid "ipa_views_search_base (string)"
-msgstr ""
+msgstr "ipa_views_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:382
@@ -7027,7 +7522,7 @@ msgstr ""
"suplantada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7060,7 +7555,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416
msgid "krb5_use_fast (string)"
-msgstr ""
+msgstr "krb5_use_fast (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419
@@ -7092,7 +7587,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:468
msgid "Default: try"
-msgstr ""
+msgstr "Per defecte: try"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444
@@ -7103,26 +7598,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
-msgstr ""
+msgstr "krb5_confd_path (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -7130,7 +7625,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:498
msgid "ipa_hbac_refresh (integer)"
-msgstr ""
+msgstr "ipa_hbac_refresh (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:501
@@ -7141,14 +7636,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
-msgstr ""
+msgstr "Per defecte: 5 (segons)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:514
msgid "ipa_hbac_selinux (integer)"
-msgstr ""
+msgstr "ipa_hbac_selinux (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:517
@@ -7161,7 +7656,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:530
msgid "ipa_server_mode (boolean)"
-msgstr ""
+msgstr "ipa_server_mode (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:533
@@ -7178,7 +7673,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:548
msgid "ipa_automount_location (string)"
-msgstr ""
+msgstr "ipa_automount_location (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:551
@@ -7198,7 +7693,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:571
msgid "ipa_view_class (string)"
-msgstr ""
+msgstr "ipa_view_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:574
@@ -7208,12 +7703,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:577
msgid "Default: nsContainer"
-msgstr ""
+msgstr "Per defecte: nsContainer"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:583
msgid "ipa_view_name (string)"
-msgstr ""
+msgstr "ipa_view_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:586
@@ -7223,7 +7718,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:596
msgid "ipa_overide_object_class (string)"
-msgstr ""
+msgstr "ipa_overide_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:599
@@ -7233,12 +7728,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:602
msgid "Default: ipaOverrideAnchor"
-msgstr ""
+msgstr "Per defecte: ipaOverrideAnchor"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:608
msgid "ipa_anchor_uuid (string)"
-msgstr ""
+msgstr "ipa_anchor_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:611
@@ -7250,12 +7745,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:615
msgid "Default: ipaAnchorUUID"
-msgstr ""
+msgstr "Per defecte: ipaAnchorUUID"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:621
msgid "ipa_user_override_object_class (string)"
-msgstr ""
+msgstr "ipa_user_override_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:624
@@ -7272,47 +7767,47 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:632
msgid "ldap_user_name"
-msgstr ""
+msgstr "ldap_user_name"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:635
msgid "ldap_user_uid_number"
-msgstr ""
+msgstr "ldap_user_uid_number"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:638
msgid "ldap_user_gid_number"
-msgstr ""
+msgstr "ldap_user_gid_number"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:641
msgid "ldap_user_gecos"
-msgstr ""
+msgstr "ldap_user_gecos"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:644
msgid "ldap_user_home_directory"
-msgstr ""
+msgstr "ldap_user_home_directory"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:647
msgid "ldap_user_shell"
-msgstr ""
+msgstr "ldap_user_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:650
msgid "ldap_user_ssh_public_key"
-msgstr ""
+msgstr "ldap_user_ssh_public_key"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:655
msgid "Default: ipaUserOverride"
-msgstr ""
+msgstr "Per defecte: ipaUserOverride"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:661
msgid "ipa_group_override_object_class (string)"
-msgstr ""
+msgstr "ipa_group_override_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:664
@@ -7329,17 +7824,17 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:672
msgid "ldap_group_name"
-msgstr ""
+msgstr "ldap_group_name"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:675
msgid "ldap_group_gid_number"
-msgstr ""
+msgstr "ldap_group_gid_number"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:680
msgid "Default: ipaGroupOverride"
-msgstr ""
+msgstr "Per defecte: ipaGroupOverride"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd-ipa.5.xml:564
@@ -7354,7 +7849,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ipa.5.xml:690
msgid "SUBDOMAINS PROVIDER"
-msgstr ""
+msgstr "PROVEÏDOR DELS SUBDOMINIS"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:692
@@ -7390,10 +7885,10 @@ msgid ""
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
"This examples shows only the ipa provider-specific options."
msgstr ""
-"L'exemple següent pressuposa que l'SSD està configurat correctament i "
-"example.com és un dels dominis de la secció <replaceable>[sssd]</"
-"replaceable>. Aquest exemple mostra només opcions específiques del proveïdor "
-"IPA."
+"En el següent exemple s'assumeix que l'SSD està configurat correctament i "
+"que exemple.com és un dels dominis de la secció <replaceable>[sssd]</"
+"replaceable>. En aquest exemple es mostren únicament les opcions "
+"específiques del proveïdor IPA."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ipa.5.xml:726
@@ -7404,16 +7899,20 @@ msgid ""
"ipa_server = ipaserver.example.com\n"
"ipa_hostname = myhost.example.com\n"
msgstr ""
+"[domini/exemple.com]\n"
+"id_provider = ipa\n"
+"ipa_server = servidoripa.exemple.com\n"
+"ipa_hostname = elmeuanfitrio.exemple.com\n"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ad.5.xml:10 sssd-ad.5.xml:16
msgid "sssd-ad"
-msgstr ""
+msgstr "sssd-ad"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-ad.5.xml:17
msgid "SSSD Active Directory provider"
-msgstr ""
+msgstr "Proveïdor d'Active Directory de l'SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
@@ -7443,13 +7942,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7459,23 +7959,25 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
" "
msgstr ""
+"ldap_id_mapping = False\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -7488,7 +7990,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -7496,53 +7998,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
-msgstr ""
+msgstr "ad_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
-msgstr ""
+msgstr "ad_server, ad_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
-msgid "ad_hostname (string)"
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
+msgid "ad_hostname (string)"
+msgstr "ad_hostname (cadena)"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7550,19 +8064,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
-msgstr ""
+msgstr "ad_enable_dns_sites (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7573,12 +8087,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
-msgstr ""
+msgstr "ad_access_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7587,7 +8101,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7596,7 +8110,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7605,14 +8119,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7621,7 +8135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7636,29 +8150,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
-msgstr ""
+msgstr "Per defecte: Sense establir"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
-msgstr ""
+msgstr "ad_site (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
-msgstr ""
+msgstr "ad_enable_gc (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7667,7 +8181,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7676,12 +8190,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
-msgstr ""
+msgstr "ad_gpo_access_control (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7691,14 +8205,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7711,23 +8225,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7735,22 +8249,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
-msgstr ""
+msgstr "Per defecte: permissive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
-msgstr ""
+msgstr "Per defecte: enforcing"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
-msgstr ""
+msgstr "ad_gpo_cache_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7758,12 +8272,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
-msgstr ""
+msgstr "ad_gpo_map_interactive (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7771,22 +8285,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
" "
msgstr ""
+"ad_gpo_map_interactive = +my_pam_service, -login\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7798,53 +8314,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
-msgstr ""
+msgstr "login"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
-msgstr ""
+msgstr "su"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
-msgstr ""
+msgstr "su-l"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
-msgstr ""
+msgstr "gdm-fingerprint"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
-msgstr ""
+msgstr "gdm-password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
-msgstr ""
+msgstr "gdm-smartcard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
+msgstr "kdm"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+#, fuzzy
+#| msgid "kdm"
+msgid "xdm"
+msgstr "kdm"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
-msgstr ""
+msgstr "ad_gpo_map_remote_interactive (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7852,7 +8395,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7860,15 +8403,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
" "
msgstr ""
+"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7880,17 +8425,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
+msgstr "sshd"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
-msgstr ""
+msgstr "ad_gpo_map_network (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7898,7 +8448,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7906,15 +8456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
" "
msgstr ""
+"ad_gpo_map_network = +my_pam_service, -ftp\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7926,22 +8478,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
-msgstr ""
+msgstr "ftp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
-msgstr ""
+msgstr "samba"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
-msgstr ""
+msgstr "ad_gpo_map_batch (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7949,22 +8501,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
" "
msgstr ""
+"ad_gpo_map_batch = +my_pam_service, -crond\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7976,17 +8530,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
-msgstr ""
+msgstr "crond"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
-msgstr ""
+msgstr "ad_gpo_map_service (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7994,22 +8548,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
" "
msgstr ""
+"ad_gpo_map_service = +my_pam_service\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8020,27 +8576,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
-msgstr ""
+msgstr "ad_gpo_map_permit (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
" "
msgstr ""
+"ad_gpo_map_permit = +my_pam_service, -sudo\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8052,47 +8610,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
-msgid "sudo"
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:650
+msgid "sudo"
+msgstr "sudo"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:655
msgid "sudo-i"
-msgstr ""
+msgstr "sudo-i"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
-msgstr ""
+msgstr "systemd-user"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
-msgstr ""
+msgstr "ad_gpo_map_deny (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
" "
msgstr ""
+"ad_gpo_map_deny = +my_pam_service\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
-msgstr ""
+msgstr "ad_gpo_default_right (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -8105,52 +8670,96 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Per defecte: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+#, fuzzy
+#| msgid "pam_account_expired_message (string)"
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr "pam_account_expired_message (cadena)"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Per defecte: 86400 (24 hores)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -8161,12 +8770,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
-msgstr ""
+msgstr "Per defecte: 3600 (segons)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
#, fuzzy
#| msgid "Default: Use the IP address of the IPA LDAP connection"
msgid ""
@@ -8175,24 +8784,24 @@ msgid ""
msgstr "Per defecte: Utilitzar l'adreça IP de la connexió LDAP d'IPA"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
-msgstr ""
+msgstr "Per defecte: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
-msgstr ""
+msgstr "krb5_use_enterprise_principal (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8200,7 +8809,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -8213,18 +8822,30 @@ msgid ""
"ad_hostname = client.example.com\n"
"ad_domain = example.com\n"
msgstr ""
+"[domain/EXEMPLE]\n"
+"id_provider = ad\n"
+"auth_provider = ad\n"
+"access_provider = ad\n"
+"chpass_provider = ad\n"
+"\n"
+"ad_server = dc1.exemple.com\n"
+"ad_hostname = client.exemple.com\n"
+"ad_domain = exemple.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
"ldap_access_order = expire\n"
"ldap_account_expire_policy = ad\n"
msgstr ""
+"access_provider = ldap\n"
+"ldap_access_order = expire\n"
+"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -8232,7 +8853,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -8241,10 +8862,18 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
-msgstr ""
+msgstr "sssd-sudo"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-sudo.5.xml:17
@@ -8288,7 +8917,7 @@ msgstr ""
#: sssd-sudo.5.xml:57
#, no-wrap
msgid "sudoers: files sss\n"
-msgstr ""
+msgstr "sudoers: files sss\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:61
@@ -8348,6 +8977,16 @@ msgid ""
"ldap_uri = ldap://example.com\n"
"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
msgstr ""
+"[sssd]\n"
+"config_file_version = 2\n"
+"services = nss, pam, sudo\n"
+"domains = EXEMPLE\n"
+"\n"
+"[domain/EXEMPLE]\n"
+"id_provider = ldap\n"
+"sudo_provider = ldap\n"
+"ldap_uri = ldap://exemple.com\n"
+"ldap_sudo_search_base = ou=sudoers,dc=exemple,dc=com\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:112
@@ -8415,12 +9054,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#: sssd-sudo.5.xml:159
msgid "keyword ALL"
-msgstr ""
+msgstr "paraula clau ALL"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#: sssd-sudo.5.xml:164
msgid "wildcard"
-msgstr ""
+msgstr "comodí"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#: sssd-sudo.5.xml:169
@@ -8460,7 +9099,9 @@ msgstr "sssd"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd.8.xml:16
msgid "System Security Services Daemon"
-msgstr "Dimoni de Serveis de Seguretat de Sistema"
+msgstr ""
+"dimoni dels serveis de seguretat del sistema (System Security Services "
+"Daemon)"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sssd.8.xml:21
@@ -8483,12 +9124,13 @@ msgid ""
"extended user data."
msgstr ""
"L'<command>SSSD</command> proporciona un conjunt de dimonis per gestionar "
-"l'accés a directoris remots i mecanismes d'autenticació. Proporciona una "
-"interfície NSS i PAM cap el sistema i un mètode d'afegitons per connectar a "
-"múltiples fonts de comptes diferents així com a l'interfície D-Bus. També és "
-"la base per proporcionar auditació de clients i polítiques de serveis per a "
-"projectes com FreeIPA. Proporciona una base de dades més robusta on "
-"emmagatzemar usuaris locals, així com dades addicionals d'usuari."
+"l'accés als directoris remots i els mecanismes d'autenticació. Proporciona "
+"una interfície NSS i PAM cap al sistema i un sistema d'accés a la capa de "
+"dades amb connectors per connectar a orígens múltiples de comptes diferents, "
+"com ara la interfície D-Bus. També és la base per proporcionar l'auditoria "
+"dels clients i les polítiques dels serveis per a projectes com FreeIPA. "
+"Proporciona una base de dades més robusta on emmagatzemar els usuaris "
+"locals, així com dades addicionals de l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:46
@@ -8502,33 +9144,39 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:53
msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
+msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:57
msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
msgstr ""
+"<emphasis>1</emphasis>: Afegeix una marca temporal als registres de depuració"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:60
msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
msgstr ""
+"<emphasis>0</emphasis>: Inhabilita la marca temporal als registres de "
+"depuració"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:69
msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
+msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:73
msgid ""
"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
msgstr ""
+"<emphasis>1</emphasis>: Afegeix els mil·lisegons a les marques temporals als "
+"missatges de depuració"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:76
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
+"<emphasis>0</emphasis>: Inhabilita els mil·lisegons a les marques temporals"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
@@ -8542,9 +9190,10 @@ msgid ""
"are stored in <filename>/var/log/sssd</filename> and there are separate log "
"files for every SSSD service and domain."
msgstr ""
-"Envia la sortida de depuració a fitxers en comptes d'stderr. Per defecte els "
-"fitxers de registre s'emmagatzemen a <filename>/var/log/sssd</filename> i hi "
-"ha fitxers de registre separats per a cada servei d'SSSD i domini."
+"Envia la sortida de depuració als fitxers en comptes de l'stderr. Per "
+"defecte, els fitxers dels registres s'emmagatzemen a <filename>/var/log/"
+"sssd</filename> i hi ha fitxers dels registres que se separen per a cadascun "
+"dels serveis i dels dominis de l'SSSD."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:97
@@ -8554,7 +9203,7 @@ msgstr "<option>-D</option>,<option>--daemon</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:101
msgid "Become a daemon after starting up."
-msgstr "Esdevé un dimoni després d'iniciar-se."
+msgstr "Esdevé un dimoni després de la posada en marxa."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:107 sss_seed.8.xml:136
@@ -8564,7 +9213,7 @@ msgstr "<option>-i</option>,<option>--interactive</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:111
msgid "Run in the foreground, don't become a daemon."
-msgstr "Executa en primer pla, no esdevenir un dimoni."
+msgstr "Executa en primer pla, no esdevinguis un dimoni."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:117 sss_debuglevel.8.xml:42
@@ -8579,21 +9228,21 @@ msgid ""
"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
-"Especifi un fitxer de configuració direfent al per defecte. Per defecte és "
-"<filename>/etc/sssd/sssd.conf</filename>. Per consultar a la sintaxi del "
-"fitxer de configuració i les opcions, aneu a la pàgina del manual "
-"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"Especifica un fitxer de configuració diferent al predeterminat. Per defecte "
+"és <filename>/etc/sssd/sssd.conf</filename>. Per consultar la sintaxi del "
+"fitxer de configuració i les opcions, aneu a la pàgina del manual del "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:135
msgid "<option>--version</option>"
-msgstr ""
+msgstr "<option>--version</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:139
msgid "Print version number and exit."
-msgstr ""
+msgstr "Imprimeix el número de la versió i surt."
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.8.xml:147
@@ -8611,8 +9260,8 @@ msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
-"Informa l'SSSD per finalitzar elegantment tots els seus processos fil i "
-"llavors apagar el monitor."
+"Informa l'SSSD per finalitzar elegantment tots els seus processos fills i "
+"després atura el monitor."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:159
@@ -8626,7 +9275,7 @@ msgid ""
"close and reopen them. This is meant to facilitate log rolling with programs "
"like logrotate."
msgstr ""
-"Diu a l'SSSD que deixi d'escriure als actual descriptors de fitxers de "
+"Diu a l'SSSD que deixi d'escriure als actuals descriptors de fitxers de "
"depuració i que els tanqui i els reobri. Això intenta facilitar la rotació "
"dels registres amb programes com logrotate."
@@ -8643,6 +9292,9 @@ msgid ""
"signal can be sent to either the sssd process or any sssd_be process "
"directly."
msgstr ""
+"Diu a l'SSSD que simuli l'operació sense connexió pel període del paràmetre "
+"<quote>offline_timeout</quote>. Això és útil per fer proves. El senyal es "
+"pot enviar directament al procés sssd o sssd_be."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:182
@@ -8656,6 +9308,8 @@ msgid ""
"signal can be sent to either the sssd process or any sssd_be process "
"directly."
msgstr ""
+"Diu a l'SSSD que es desconnecti immediatament. Això és útil per fer proves. "
+"El senyal es pot enviar directament al procés sssd o sssd_be."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.8.xml:197
@@ -8663,6 +9317,8 @@ msgid ""
"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
"applications will not use the fast in memory cache."
msgstr ""
+"Si la variable d'entorn SSS_NSS_USE_MEMCACHE està establerta a \"NO\", les "
+"aplicacions clients no utilitzaran el fast en la memòria cau."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
@@ -8672,7 +9328,7 @@ msgstr "sss_obfuscate"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_obfuscate.8.xml:16
msgid "obfuscate a clear text password"
-msgstr "ofusca una contrasenya de text clar"
+msgstr "ofusca una contrasenya en text clar"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_obfuscate.8.xml:21
@@ -8692,9 +9348,9 @@ msgid ""
"unreadable format and places it into appropriate domain section of the SSSD "
"config file."
msgstr ""
-"<command>sss_obfuscate</command> converteix una contrasenya especificada en "
-"un format illegible per humans i la col·loca a la secció de domini adequada "
-"de l'arxiu de configuració d'SSSD."
+"<command>sss_obfuscate</command> converteix una contrasenya especificada a "
+"un format illegible per als humans i la posa a la secció del domini adequat "
+"del fitxer de configuració de l'SSSD."
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:37
@@ -8707,6 +9363,13 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more details on these parameters."
msgstr ""
+"La contrasenya en text clar es llegeix de l'entrada estàndard o s'introdueix "
+"de forma interactiva. La contrasenya ofuscada es fica al paràmetre "
+"<quote>ldap_default_authtok</quote> del domini SSSD indicat, i el paràmetre "
+"<quote>ldap_default_authtok_type</quote> s'estableix a "
+"<quote>obfuscated_password</quote>. Consulteu <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> per a més detalls sobre aquests paràmetres."
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:49
@@ -8717,11 +9380,11 @@ msgid ""
"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
"advised."
msgstr ""
-"Si us plau fixi's que ofuscar contrasenyes <emphasis>no proporciona cap "
-"benefici real de seguretat</emphasis> ja que un atacant encara podria "
+"Tingueu en compte que ofuscar les contrasenyes <emphasis>no proporciona cap "
+"benefici real de seguretat</emphasis>, ja que un atacant encara podria "
"extreure la contrasenya amb enginyeria inversa. Es recomana "
"<emphasis>aferrissadament</emphasis> l'ús de mecanismes d'autenticació "
-"millors com certificats de client o GSSAPI."
+"millors com els certificats al cantó del client o el GSSAPI."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:63
@@ -8734,7 +9397,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr "La contrasenya per ofuscar es llegirà de l'entrada estàndard."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8749,7 +9412,7 @@ msgid ""
"The SSSD domain to use the password in. The default name is <quote>default</"
"quote>."
msgstr ""
-"El domini SSSD on utilitzar la contrasenya. El nom per defecte és "
+"El domini SSSD on s'utilitza la contrasenya. El nom per defecte és "
"<quote>default</quote>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
@@ -8763,7 +9426,8 @@ msgstr ""
#: sss_obfuscate.8.xml:91
msgid "Read the config file specified by the positional parameter."
msgstr ""
-"Llegeix el fitxer de configuració especificat pel paràmetre de posició."
+"Llegeix el fitxer de configuració que s'especifica amb el paràmetre "
+"posicional."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:95
@@ -8773,9 +9437,9 @@ msgstr "Per defecte: <filename>/etc/sssd/sssd.conf</filename>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_override.8.xml:10 sss_override.8.xml:15
#, fuzzy
-#| msgid "sss_useradd"
+#| msgid "sss_userdel"
msgid "sss_override"
-msgstr "sss_useradd"
+msgstr "sss_userdel"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_override.8.xml:16
@@ -8786,7 +9450,7 @@ msgstr ""
#: sss_override.8.xml:21
#, fuzzy
#| msgid ""
-#| "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
+#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
#| "arg>"
msgid ""
@@ -8794,9 +9458,9 @@ msgid ""
"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
"arg>"
msgstr ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>OPCIONS</"
-"replaceable></arg> <arg choice='plain'> <replaceable>INICI DE SESSIÓ</"
-"replaceable></arg>"
+"<command>sss_userdel</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg choice='plain'><replaceable>USUARI</replaceable></"
+"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:32
@@ -8809,17 +9473,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8827,50 +9496,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
+#, fuzzy
+#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
+"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMINI</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+#, fuzzy
+#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+"<option>--setattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8878,29 +9589,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8908,39 +9619,77 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
+#, fuzzy
+#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
+"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMINI</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8948,49 +9697,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
-#| msgid "CONFIGURATION OPTIONS"
+#| msgid "SUDO OPTIONS"
msgid "COMMON OPTIONS"
-msgstr "OPCIONS DE CONFIGURACIÓ"
+msgstr "OPCIONS DE SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-#| "replaceable>"
+#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>NIVELL</"
-"replaceable>"
+"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
@@ -9000,7 +9746,7 @@ msgstr "sss_useradd"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_useradd.8.xml:16
msgid "create a new user"
-msgstr "crea un usuari nou"
+msgstr "crea un nou usuari"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_useradd.8.xml:21
@@ -9010,8 +9756,8 @@ msgid ""
"arg>"
msgstr ""
"<command>sss_useradd</command> <arg choice='opt'> <replaceable>OPCIONS</"
-"replaceable></arg> <arg choice='plain'> <replaceable>INICI DE SESSIÓ</"
-"replaceable></arg>"
+"replaceable></arg> <arg choice='plain'> <replaceable>USUARI</replaceable></"
+"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_useradd.8.xml:32
@@ -9019,8 +9765,8 @@ msgid ""
"<command>sss_useradd</command> creates a new user account using the values "
"specified on the command line plus the default values from the system."
msgstr ""
-"<command>sss_useradd</command> crea un nou compte d'usuari utilitzant els "
-"valors especificats a la línia d'ordres més els valors per defecte del "
+"<command>sss_useradd</command> crea un nou compte d'usuari amb els valors "
+"que s'especifiquen en la línia d'ordres més els valors per defecte del "
"sistema."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
@@ -9036,8 +9782,8 @@ msgid ""
"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
"not given, it is chosen automatically."
msgstr ""
-"Especifica l'UID de l'usuari al valor d'<replaceable>UID</replaceable>. Si "
-"no es dóna, és seleccionat automàticament."
+"Estableix l'UID de l'usuari al valor de l'<replaceable>UID</replaceable>. Si "
+"no se'n proporciona cap, es tria automàticament."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100
@@ -9054,8 +9800,8 @@ msgid ""
"Any text string describing the user. Often used as the field for the user's "
"full name."
msgstr ""
-"Qualsevol cadena de text que descriu a l'usuari. Sovint s'utilitza com el "
-"camp pel nom i cognoms de l'usuari."
+"Qualsevol cadena de text amb la descripció de l'usuari. Sovint s'utilitza "
+"com a camp per al nom complet de l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112
@@ -9063,7 +9809,7 @@ msgid ""
"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
"replaceable>"
msgstr ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
+"<option>-h</option>,<option>--home</option> <replaceable>DIRECTORI_INICIAL</"
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -9075,19 +9821,18 @@ msgid ""
"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
"baseDirectory</quote> setting in sssd.conf."
msgstr ""
-"El directori personal del compte d'usuari. Per defecte s'afegeix el "
-"<replaceable>NOM D'USUARI</replaceable> a <filename>/ home</filename> i "
-"s'utilitza allò com el directori personal. La base que s'afegeix abans del "
-"<replaceable>NOM D'USUARI</replaceable> és personalitzable amb el paràmetre "
-"<quote>user_defaults/baseDirectory</quote> de l'sssd.conf."
+"El directori inicial del compte de l'usuari. Per defecte s'afegeix "
+"l'<replaceable>USUARI</replaceable> a <filename>/home</filename> i "
+"s'utilitza aquest com el directori inicial. La base que s'afegeix abans de "
+"l'<replaceable>USUARI</replaceable> es pot personalitzar amb l'ajust "
+"<quote>user_defaults/baseDirectory</quote> a l'sssd.conf."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124
msgid ""
"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
msgstr ""
-"<option>-s</option>,<option>--shell</option> <replaceable>INTÈRPRET "
-"D'ORDRES</replaceable>"
+"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:87
@@ -9096,8 +9841,8 @@ msgid ""
"filename>. The default can be changed with <quote>user_defaults/"
"defaultShell</quote> setting in sssd.conf."
msgstr ""
-"L'intèrpret d'ordres de l'usuari. Per defecte és <filename>/bin/bash</"
-"filename>. Es pot canviar el valor per defecte amb el paràmetre "
+"El shell d'inici de sessió de l'usuari. Per defecte és <filename>/bin/bash</"
+"filename>. Es pot canviar el valor per defecte amb l'ajust "
"<quote>user_defaults/defaultShell</quote> de l'sssd.conf."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
@@ -9112,7 +9857,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:101
msgid "A list of existing groups this user is also a member of."
-msgstr "Una llista dels grups existents on n'és també membre aquest usuari."
+msgstr "Una llista dels grups existents que aquest usuari també n'és membre."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:107
@@ -9126,9 +9871,9 @@ msgid ""
"directories contained in the skeleton directory (which can be defined with "
"the -k option or in the config file) will be copied to the home directory."
msgstr ""
-"Crea el directori personal de l'usuari si no existeix. Al directori personal "
-"es copiaran els fitxers i directoris continguts en el directori esquelet "
-"(que es pot definir amb l'opció -k o en el fitxer de configuració)."
+"Crea el directori inicial de l'usuari si no existeix. Al directori inicial "
+"es copiaran els fitxers i els directoris continguts al directori esquemàtic "
+"(que es pot definir amb l'opció -k o al fitxer de configuració)."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:121
@@ -9140,7 +9885,7 @@ msgstr "<option>-M</option>,<option>--no-create-home</option>"
msgid ""
"Do not create the user's home directory. Overrides configuration settings."
msgstr ""
-"No crea el directori personal de l'usuari. Invalida els paràmetres de "
+"No crea el directori inicial de l'usuari. Substitueix els ajusts de la "
"configuració."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
@@ -9149,8 +9894,8 @@ msgid ""
"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
"replaceable>"
msgstr ""
-"<option>-k</option>,<option>--skel</option> <replaceable>DIRECTORI ESQUELET</"
-"replaceable>"
+"<option>-k</option>,<option>--skel</option> "
+"<replaceable>DIRECTORI_ESQUEMÀTIC</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:137
@@ -9159,6 +9904,9 @@ msgid ""
"the user's home directory, when the home directory is created by "
"<command>sss_useradd</command>."
msgstr ""
+"El directori esquemàtic que conté els fitxers i els directoris per copiar al "
+"directori inicial de l'usuari, quan es crea el directori inicial amb "
+"<command>sss_useradd</command>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:143
@@ -9166,6 +9914,8 @@ msgid ""
"Special files (block devices, character devices, named pipes and unix "
"sockets) will not be copied."
msgstr ""
+"No es copiaran els fitxers especials (dispositius de blocs, dispositius de "
+"caràcters, canonades amb noms i sòcols d'UNIX)."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:147
@@ -9174,6 +9924,9 @@ msgid ""
"home</option>) option is specified, or creation of home directories is set "
"to TRUE in the configuration."
msgstr ""
+"Aquesta opció tan sols és vàlida si s'especifica l'opció <option>-m</option> "
+"(o <option>--create-home</option>), o bé la creació dels directoris inicials "
+"està establerta a TRUE a la configuració."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:156 sss_usermod.8.xml:124
@@ -9188,11 +9941,13 @@ msgid ""
"The SELinux user for the user's login. If not specified, the system default "
"will be used."
msgstr ""
+"L'usuari de SELinux per a l'inici de sessió de l'usuari. Si no s'especifica, "
+"s'utilitzarà el predeterminat del sistema."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
msgid "sssd-krb5"
-msgstr ""
+msgstr "sssd-krb5"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-krb5.5.xml:17
@@ -9264,7 +10019,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:113
msgid "krb5_kpasswd, krb5_backup_kpasswd (string)"
-msgstr ""
+msgstr "krb5_kpasswd, krb5_backup_kpasswd (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:116
@@ -9286,12 +10041,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:129
msgid "Default: Use the KDC"
-msgstr ""
+msgstr "Per defecte: Utilitza el KDC"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:135
msgid "krb5_ccachedir (string)"
-msgstr ""
+msgstr "krb5_ccachedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:138
@@ -9304,37 +10059,37 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
-msgstr ""
+msgstr "Per defecte: /tmp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
-msgstr ""
+msgstr "krb5_ccname_template (cadena)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
-msgstr ""
+msgstr "%u"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
-msgstr ""
+msgstr "nom d'usuari"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
-msgstr ""
+msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:170
msgid "login UID"
-msgstr ""
+msgstr "UID de l'usuari"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:173
msgid "%p"
-msgstr ""
+msgstr "%p"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:174
@@ -9344,22 +10099,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:178
msgid "%r"
-msgstr ""
+msgstr "%r"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:179
msgid "realm name"
-msgstr ""
+msgstr "nom real"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:182
msgid "%h"
-msgstr ""
+msgstr "%h"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
-msgstr ""
+msgstr "directori inicial"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
@@ -9384,7 +10139,7 @@ msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:199 include/override_homedir.xml:45
msgid "%%"
-msgstr ""
+msgstr "%%"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:200 include/override_homedir.xml:46
@@ -9434,12 +10189,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:234
msgid "Default: (from libkrb5)"
-msgstr ""
+msgstr "Per defecte: (del libkrb5)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:240
msgid "krb5_auth_timeout (integer)"
-msgstr ""
+msgstr "krb5_auth_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:243
@@ -9463,7 +10218,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:272
msgid "krb5_keytab (string)"
-msgstr ""
+msgstr "krb5_keytab (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:275
@@ -9475,12 +10230,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:279
msgid "Default: /etc/krb5.keytab"
-msgstr ""
+msgstr "Per defecte: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:285
msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
+msgstr "krb5_store_password_if_offline (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:288
@@ -9500,7 +10255,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:306
msgid "krb5_renewable_lifetime (string)"
-msgstr ""
+msgstr "krb5_renewable_lifetime (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:309
@@ -9512,22 +10267,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>s</emphasis> for seconds"
-msgstr ""
+msgstr "<emphasis>s</emphasis> per segons"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388
msgid "<emphasis>m</emphasis> for minutes"
-msgstr ""
+msgstr "<emphasis>m</emphasis> per minuts"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391
msgid "<emphasis>h</emphasis> for hours"
-msgstr ""
+msgstr "<emphasis>h</emphasis> per hores"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394
msgid "<emphasis>d</emphasis> for days."
-msgstr ""
+msgstr "<emphasis>d</emphasis> per dies."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397
@@ -9549,7 +10304,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:341
msgid "krb5_lifetime (string)"
-msgstr ""
+msgstr "krb5_lifetime (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:344
@@ -9579,7 +10334,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:376
msgid "krb5_renew_interval (string)"
-msgstr ""
+msgstr "krb5_renew_interval (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:379
@@ -9621,7 +10376,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:453
msgid "krb5_fast_principal (string)"
-msgstr ""
+msgstr "krb5_fast_principal (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:456
@@ -9643,7 +10398,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:520
msgid "krb5_map_user (string)"
-msgstr ""
+msgstr "krb5_map_user (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:523
@@ -9662,6 +10417,8 @@ msgid ""
"krb5_realm = REALM\n"
"krb5_map_user = joe:juser,dick:richard\n"
msgstr ""
+"krb5_realm = REALM\n"
+"krb5_map_user = joe:juser,dick:richard\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:540
@@ -9701,16 +10458,20 @@ msgid ""
"krb5_server = 192.168.1.1\n"
"krb5_realm = EXAMPLE.COM\n"
msgstr ""
+"[domain/FOO]\n"
+"auth_provider = krb5\n"
+"krb5_server = 192.168.1.1\n"
+"krb5_realm = EXEMPLE.COM\n"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
msgid "sss_groupadd"
-msgstr ""
+msgstr "sss_groupadd"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupadd.8.xml:16
msgid "create a new group"
-msgstr ""
+msgstr "crea un nou grup"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupadd.8.xml:21
@@ -9719,6 +10480,8 @@ msgid ""
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"arg>"
msgstr ""
+"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GRUP</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupadd.8.xml:32
@@ -9727,12 +10490,16 @@ msgid ""
"compatible with POSIX groups, with the additional feature that they can "
"contain other groups as members."
msgstr ""
+"<command>sss_groupadd</command> crea un nou grup. Aquests grups són "
+"compatibles amb els grups POSIX, amb la característica addicional que poden "
+"contenir altres grups com a membres."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupadd.8.xml:43 sss_seed.8.xml:88
msgid ""
"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
msgstr ""
+"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupadd.8.xml:48
@@ -9740,16 +10507,18 @@ msgid ""
"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
"not given, it is chosen automatically."
msgstr ""
+"Estableix el GID del grup al valor del <replaceable>GID</replaceable>. Si no "
+"se'n proporciona cap, es tria automàticament."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
msgid "sss_userdel"
-msgstr ""
+msgstr "sss_userdel"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_userdel.8.xml:16
msgid "delete a user account"
-msgstr ""
+msgstr "suprimeix el compte d'un usuari"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_userdel.8.xml:21
@@ -9758,6 +10527,9 @@ msgid ""
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
"arg>"
msgstr ""
+"<command>sss_userdel</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg choice='plain'><replaceable>USUARI</replaceable></"
+"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_userdel.8.xml:32
@@ -9765,11 +10537,13 @@ msgid ""
"<command>sss_userdel</command> deletes a user identified by login name "
"<replaceable>LOGIN</replaceable> from the system."
msgstr ""
+"<command>sss_userdel</command> suprimeix un usuari identificat amb el nom "
+"d'usuari <replaceable>USUARI</replaceable> del sistema."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:44
msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
+msgstr "<option>-r</option>,<option>--remove</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:48
@@ -9777,6 +10551,9 @@ msgid ""
"Files in the user's home directory will be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
msgstr ""
+"Els fitxers al directori inicial de l'usuari seran eliminats juntament amb "
+"el mateix directori inicial i la gestió de cues del correu de l'usuari. "
+"Substitueix la configuració."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:56
@@ -9789,6 +10566,9 @@ msgid ""
"Files in the user's home directory will NOT be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
msgstr ""
+"Els fitxers al directori inicial de l'usuari no seran eliminats juntament "
+"amb el mateix directori inicial i la gestió de cues del correu de l'usuari. "
+"Substitueix la configuració."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:68
@@ -9801,26 +10581,29 @@ msgid ""
"This option forces <command>sss_userdel</command> to remove the user's home "
"directory and mail spool, even if they are not owned by the specified user."
msgstr ""
+"Aquesta opció obliga a <command>sss_userdel</command> a suprimir el "
+"directori inicial i la gestió de cues del correu de l'usuari, encara que no "
+"siguin de la propietat de l'usuari especificat."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:80
msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
+msgstr "<option>-k</option>,<option>--kick</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:84
msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
+msgstr "Abans d'eliminar realment a l'usuari, acaba tots els seus processos."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
msgid "sss_groupdel"
-msgstr ""
+msgstr "sss_groupdel"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupdel.8.xml:16
msgid "delete a group"
-msgstr ""
+msgstr "suprimeix un grup"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupdel.8.xml:21
@@ -9829,6 +10612,8 @@ msgid ""
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"arg>"
msgstr ""
+"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GRUP</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupdel.8.xml:32
@@ -9836,16 +10621,18 @@ msgid ""
"<command>sss_groupdel</command> deletes a group identified by its name "
"<replaceable>GROUP</replaceable> from the system."
msgstr ""
+"<command>sss_groupdel</command> suprimeix un grup identificat amb el seu nom "
+"de <replaceable>GRUP</replaceable> del sistema."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
msgid "sss_groupshow"
-msgstr ""
+msgstr "sss_groupshow"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupshow.8.xml:16
msgid "print properties of a group"
-msgstr ""
+msgstr "imprimeix les propietats d'un grup"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupshow.8.xml:21
@@ -9854,6 +10641,8 @@ msgid ""
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"arg>"
msgstr ""
+"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GRUP</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupshow.8.xml:32
@@ -9862,11 +10651,14 @@ msgid ""
"identified by its name <replaceable>GROUP</replaceable>. The information "
"includes the group ID number, members of the group and the parent group."
msgstr ""
+"<command>sss_groupshow</command> mostra la informació sobre un grup "
+"identificat amb el seu nom de <replaceable>GRUP</replaceable>. La informació "
+"inclou el número de l'id. del grup, els membres del grup i el grup primari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupshow.8.xml:43
msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
+msgstr "<option>-R</option>,<option>--recursive</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupshow.8.xml:47
@@ -9879,12 +10671,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
msgid "sss_usermod"
-msgstr ""
+msgstr "sss_usermod"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_usermod.8.xml:16
msgid "modify a user account"
-msgstr ""
+msgstr "modifica el compte d'un usuari"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_usermod.8.xml:21
@@ -9893,6 +10685,9 @@ msgid ""
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
"arg>"
msgstr ""
+"<command>sss_usermod</command> <arg choice='opt'> <replaceable>OPCIONS</"
+"replaceable></arg> <arg choice='plain'> <replaceable>USUARI</replaceable></"
+"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_usermod.8.xml:32
@@ -9901,16 +10696,19 @@ msgid ""
"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
"on the command line."
msgstr ""
+"<command>sss_usermod</command> modifica el compte especificat amb "
+"<replaceable>USUARI</replaceable> per reflectir els canvis que "
+"s'especifiquen a la línia d'ordres."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:60
msgid "The home directory of the user account."
-msgstr ""
+msgstr "El directori inicial del compte de l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:71
msgid "The user's login shell."
-msgstr ""
+msgstr "El shell d'inici de sessió de l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:82
@@ -9919,6 +10717,9 @@ msgid ""
"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
"a comma separated list of group names."
msgstr ""
+"Annexa aquest usuari als grups que s'especifiquen amb el paràmetre dels "
+"<replaceable>GRUPS</replaceable>. El paràmetre dels <replaceable>GRUPS</"
+"replaceable> és una llista delimitada per comes dels noms dels grups."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:96
@@ -9930,42 +10731,44 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:103
msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
+msgstr "<option>-l</option>,<option>--lock</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:107
msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
+msgstr "Bloqueja el compte de l'usuari. L'usuari no podrà iniciar la sessió."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:114
msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
+msgstr "<option>-u</option>,<option>--unlock</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:118
msgid "Unlock the user account."
-msgstr ""
+msgstr "Desbloqueja el compte de l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:129
msgid "The SELinux user for the user's login."
-msgstr ""
+msgstr "L'usuari de SELinux per a l'inici de sessió de l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:135
msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgstr ""
+"<option>--addattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:140
msgid "Add an attribute/value pair. The format is attrname=value."
-msgstr ""
+msgstr "Afegeix una parella atribut/valor. El format és nomatribut=valor."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:147
msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgstr ""
+"<option>--setattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:152
@@ -9973,26 +10776,30 @@ msgid ""
"Set an attribute to a name/value pair. The format is attrname=value. For "
"multi-valued attributes, the command replaces the values already present"
msgstr ""
+"Estableix un atribut a la parella nom/valor. El format és nomatribut=valor. "
+"Per als atributs amb múltiples valors, l'ordre substitueix els valors ja "
+"presents"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:160
msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgstr ""
+"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:165
msgid "Delete an attribute/value pair. The format is attrname=value."
-msgstr ""
+msgstr "Elimina una parella atribut/valor. El format és nomatribut=valor."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_cache.8.xml:10 sss_cache.8.xml:15
msgid "sss_cache"
-msgstr ""
+msgstr "sss_cache"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_cache.8.xml:16
msgid "perform cache cleanup"
-msgstr ""
+msgstr "fa neteja de la memòria cau"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_cache.8.xml:21
@@ -10000,6 +10807,8 @@ msgid ""
"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg>"
msgstr ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_cache.8.xml:31
@@ -10008,32 +10817,39 @@ msgid ""
"records are forced to be reloaded from server as soon as related SSSD "
"backend is online."
msgstr ""
+"<command>sss_cache</command> invalida els registres a la memòria cau de "
+"l'SSSD. Els registres invalidats es veuen obligats a recarregar-se des del "
+"servidor tan aviat com la capa d'accés de dades implicada de l'SSSD estigui "
+"en línia."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:42
msgid "<option>-E</option>,<option>--everything</option>"
-msgstr ""
+msgstr "<option>-E</option>,<option>--everything</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:46
msgid "Invalidate all cached entries except for sudo rules."
msgstr ""
+"Invalida totes les entrades de la memòria cau amb l'excepció de les regles "
+"sudo."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:52
msgid ""
"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
msgstr ""
+"<option>-u</option>,<option>--user</option> <replaceable>usuari</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:57
msgid "Invalidate specific user."
-msgstr ""
+msgstr "Invalida un usuari específic."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:63
msgid "<option>-U</option>,<option>--users</option>"
-msgstr ""
+msgstr "<option>-U</option>,<option>--users</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:67
@@ -10041,22 +10857,25 @@ msgid ""
"Invalidate all user records. This option overrides invalidation of specific "
"user if it was also set."
msgstr ""
+"Invalida tots els registres dels usuaris. Aquesta opció anul·la la "
+"invalidació d'un usuari específic, si també es va especificar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:74
msgid ""
"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>grup</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:79
msgid "Invalidate specific group."
-msgstr ""
+msgstr "Invalida un grup específic."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:85
msgid "<option>-G</option>,<option>--groups</option>"
-msgstr ""
+msgstr "<option>-G</option>,<option>--groups</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:89
@@ -10064,6 +10883,8 @@ msgid ""
"Invalidate all group records. This option overrides invalidation of specific "
"group if it was also set."
msgstr ""
+"Invalida tots els registres dels grups. Aquesta opció anul·la la invalidació "
+"d'un grup específic, si també es va especificar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:96
@@ -10071,16 +10892,18 @@ msgid ""
"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
"replaceable>"
msgstr ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>grup-de-xarxa</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:101
msgid "Invalidate specific netgroup."
-msgstr ""
+msgstr "invalida un grup de xarxa específic."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:107
msgid "<option>-N</option>,<option>--netgroups</option>"
-msgstr ""
+msgstr "<option>-N</option>,<option>--netgroups</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:111
@@ -10088,6 +10911,8 @@ msgid ""
"Invalidate all netgroup records. This option overrides invalidation of "
"specific netgroup if it was also set."
msgstr ""
+"Invalida tots els registres dels grups de xarxa. Aquesta opció anul·la la "
+"invalidació d'un grup de xarxa específic, si també es va especificar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:118
@@ -10095,16 +10920,18 @@ msgid ""
"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
+"<option>-s</option>,<option>--service</option> <replaceable>servei</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:123
msgid "Invalidate specific service."
-msgstr ""
+msgstr "invalida un servei específic."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:129
msgid "<option>-S</option>,<option>--services</option>"
-msgstr ""
+msgstr "<option>-S</option>,<option>--services</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:133
@@ -10112,6 +10939,8 @@ msgid ""
"Invalidate all service records. This option overrides invalidation of "
"specific service if it was also set."
msgstr ""
+"Invalida tots els registres dels serveis. Aquesta opció anul·la la "
+"invalidació d'un servei específic, si també es va especificar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:140
@@ -10119,16 +10948,18 @@ msgid ""
"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
"replaceable>"
msgstr ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>assignació-"
+"autofs</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:145
msgid "Invalidate specific autofs maps."
-msgstr ""
+msgstr "Invalida una assignació autofs específica."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:151
msgid "<option>-A</option>,<option>--autofs-maps</option>"
-msgstr ""
+msgstr "<option>-A</option>,<option>--autofs-maps</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:155
@@ -10136,6 +10967,9 @@ msgid ""
"Invalidate all autofs maps. This option overrides invalidation of specific "
"map if it was also set."
msgstr ""
+"Invalida tots els registres de les assignacions autofs. Aquesta opció "
+"anul·la la invalidació d'una assignació autofs específica, si també es va "
+"especificar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:162
@@ -10143,16 +10977,18 @@ msgid ""
"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</"
"replaceable>"
msgstr ""
+"<option>-h</option>,<option>--ssh-host</option> <replaceable>nom-amfitrió</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:167
msgid "Invalidate SSH public keys of a specific host."
-msgstr ""
+msgstr "Invalida les claus públiques SSH d'un amfitrió especific."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:173
msgid "<option>-H</option>,<option>--ssh-hosts</option>"
-msgstr ""
+msgstr "<option>-H</option>,<option>--ssh-hosts</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:177
@@ -10160,28 +10996,74 @@ msgid ""
"Invalidate SSH public keys of all hosts. This option overrides invalidation "
"of SSH public keys of specific host if it was also set."
msgstr ""
+"Invalida tots els registres de les claus públiques SSH de tots els "
+"amfitrions. Aquesta opció anul·la la invalidació d'una clau pública SSH d'un "
+"amfitrió específic, si també es va especificar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>grup</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
-msgid "Restrict invalidation process only to a particular domain."
+#, fuzzy
+#| msgid "Invalidate all cached entries except for sudo rules."
+msgid "Invalidate particular sudo rule."
+msgstr ""
+"Invalida totes les entrades de la memòria cau amb l'excepció de les regles "
+"sudo."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-U</option>,<option>--users</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-U</option>,<option>--users</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
msgstr ""
+"Invalida tots els registres dels usuaris. Aquesta opció anul·la la "
+"invalidació d'un usuari específic, si també es va especificar."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domini</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
+msgid "Restrict invalidation process only to a particular domain."
+msgstr "Restringeix el procés d'invalidació a tan sols un domini concret."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
msgid "sss_debuglevel"
-msgstr ""
+msgstr "sss_debuglevel"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_debuglevel.8.xml:16
msgid "change debug level while SSSD is running"
-msgstr ""
+msgstr "canvia el nivell de depuració mentre s'està executant l'SSSD"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_debuglevel.8.xml:21
@@ -10190,6 +11072,9 @@ msgid ""
"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
"replaceable></arg>"
msgstr ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg "
+"choice='plain'><replaceable>NOU_NIVELL_DE_DEPURACIÓ</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_debuglevel.8.xml:32
@@ -10198,21 +11083,24 @@ msgid ""
"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
"running."
msgstr ""
+"<command>sss_debuglevel</command> canvia el nivell de depuració del monitor "
+"i dels proveïdors de l'SSSD monitor al <replaceable>NOU_NIVELL_DE_DEPURACIÓ</"
+"replaceable> mentre s'està executant l'SSSD."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_debuglevel.8.xml:59
msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-msgstr ""
+msgstr "<replaceable>NOU_NIVELL_DE_DEPURACIÓ</replaceable>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_seed.8.xml:10 sss_seed.8.xml:15
msgid "sss_seed"
-msgstr ""
+msgstr "sss_seed"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_seed.8.xml:16
msgid "seed the SSSD cache with a user"
-msgstr ""
+msgstr "implanta la memòria cau de l'SSSD amb un usuari"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_seed.8.xml:21
@@ -10222,6 +11110,10 @@ msgid ""
"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
"arg>"
msgstr ""
+"<command>sss_seed</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMINI</"
+"replaceable></arg> <arg choice='plain'>-n <replaceable>USUARI</replaceable></"
+"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_seed.8.xml:33
@@ -10230,6 +11122,10 @@ msgid ""
"temporary password. If a user entry is already present in the SSSD cache "
"then the entry is updated with the temporary password."
msgstr ""
+"<command>sss_seed</command> implanta la memòria cau de l'SSSD amb una "
+"entrada d'un usuari i la contrasenya temporal. Si l'entrada d'un usuari ja "
+"està present a la memòria cau de l'SSSD aleshores s'actualitza l'entrada amb "
+"la contrasenya temporal."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_seed.8.xml:46
@@ -10237,6 +11133,8 @@ msgid ""
"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
"replaceable>"
msgstr ""
+"<option>-D</option>,<option>--domain</option> <replaceable>DOMINI</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:51
@@ -10247,6 +11145,11 @@ msgid ""
"Information retrieved from the domain overrides what is provided in the "
"options."
msgstr ""
+"Proporciona el nom del domini en el qual l'usuari n'és membre. El domini "
+"també s'utilitza per recuperar la informació de l'usuari. El domini ha "
+"d'estar configurat a l'sssd.conf. S'ha de proporcionar l'opció del "
+"<replaceable>DOMINI</replaceable>. La informació recuperada del domini "
+"anul·la aquella que es proporcioni a les opcions."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_seed.8.xml:63
@@ -10261,27 +11164,33 @@ msgid ""
"The username of the entry to be created or modified in the cache. The "
"<replaceable>USER</replaceable> option must be provided."
msgstr ""
+"L'entrada del nom d'usuari a crear o modificar a la memòria cau. S'ha de "
+"proporcionar l'opció de l'<replaceable>USUARI</replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:81
msgid "Set the UID of the user to <replaceable>UID</replaceable>."
-msgstr ""
+msgstr "Estableix l'UID de l'usuari a <replaceable>UID</replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:93
msgid "Set the GID of the user to <replaceable>GID</replaceable>."
-msgstr ""
+msgstr "Estableix el GID de l'usuari a <replaceable>GID</replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:117
msgid ""
"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>."
msgstr ""
+"Establix el directori inicial de l'usuari a <replaceable>DIRECTORI_INICIAL</"
+"replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:129
msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>."
msgstr ""
+"Estableix el shell d'inici de sessió de l'usuari a <replaceable>SHELL</"
+"replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:140
@@ -10289,6 +11198,9 @@ msgid ""
"Interactive mode for entering user information. This option will only prompt "
"for information not provided in the options or retrieved from the domain."
msgstr ""
+"Mode interactiu per a la introducció de la informació de l'usuari. Aquesta "
+"opció només demanà la informació no proporcionada a les opcions o que no es "
+"recuperi del domini."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_seed.8.xml:148
@@ -10296,6 +11208,8 @@ msgid ""
"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
"replaceable>"
msgstr ""
+"<option>-p</option>,<option>--password-file</option> "
+"<replaceable>FITXER_CONTRASENYA</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:153
@@ -10303,6 +11217,8 @@ msgid ""
"Specify file to read user's password from. (if not specified password is "
"prompted for)"
msgstr ""
+"Especifica el fitxer des d'on llegir la contrasenya de l'usuari. (si no "
+"s'especifica, es demana per la contrasenya)"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_seed.8.xml:165
@@ -10311,16 +11227,20 @@ msgid ""
"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes "
"on systems with no globally-defined PASS_MAX value)."
msgstr ""
+"La longitud de la contrasenya (o la mida del fitxer que s'especifica amb "
+"l'opció -p o --password-file) ha de ser més petita o igual que PASS_MAX "
+"bytes (64 bytes en els sistemes que no defineixen globalment el valor de "
+"PASS_MAX)."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
msgid "sssd-ifp"
-msgstr ""
+msgstr "sssd-ifp"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-ifp.5.xml:17
msgid "SSSD InfoPipe responder"
-msgstr ""
+msgstr "contestador de l'InfoPipe de l'SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ifp.5.xml:23
@@ -10331,6 +11251,12 @@ msgid ""
"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+"En aquesta pàgina del manual es descriu la configuració del contestador de "
+"l'InfoPipe per a <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>. Per a una referència detallada de "
+"la sintaxi, consulteu la secció <quote>FORMAT DEL FITXER</quote> de la "
+"pàgina del manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ifp.5.xml:36
@@ -10339,11 +11265,17 @@ msgid ""
"system bus. The interface allows the user to query information about remote "
"users and groups over the system bus."
msgstr ""
+"El contestador de l'InfoPipe proporciona una interfície D-Bus publica que es "
+"pot accedir a través del bus del sistema. La interfície permet que l'usuari "
+"consulti informació sobre els usuaris i els grups remots a través del bus "
+"del sistema."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ifp.5.xml:46
msgid "These options can be used to configure the InfoPipe responder."
msgstr ""
+"Es poden utilitzar aquestes opcions per configurar el contestador de "
+"l'InfoPipe."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:53
@@ -10352,12 +11284,17 @@ msgid ""
"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
"startup."
msgstr ""
+"Especifica una llista separada per comes dels valors dels UID o dels noms "
+"d'usuaris que estan assignats per accedir al contestador de l'InfoPipe. Els "
+"noms d'usuaris es resolen als UID en la preparació."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:59
msgid ""
"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
msgstr ""
+"Per defecte: 0 (únicament a l'usuari root se li permet l'accés al "
+"contestador de l'InfoPipe)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:63
@@ -10367,66 +11304,72 @@ msgid ""
"access the InfoPipe responder, which would be the typical case, you have to "
"add 0 to the list of allowed UIDs as well."
msgstr ""
+"Tingueu en compte que encara que s'utilitzi l'UID 0 com a valor per defecte "
+"se sobreescriurà amb aquesta opció. Si encara voleu permetre que l'usuari "
+"root accedeixi al contestador de l'InfoPipe, el que seria el cas típic, "
+"també cal afegir 0 a la llista dels UID permesos."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:77
msgid "Specifies the comma-separated list of white or blacklisted attributes."
msgstr ""
+"Especifica una llista separada per comes dels atributs de la llista negra o "
+"blanca."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:91
msgid "name"
-msgstr ""
+msgstr "name"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:92
msgid "user's login name"
-msgstr ""
+msgstr "nom d'inici de sessió de l'usuari"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:95
msgid "uidNumber"
-msgstr ""
+msgstr "uidNumber"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:96
msgid "user ID"
-msgstr ""
+msgstr "id. de l'usuari"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:99
msgid "gidNumber"
-msgstr ""
+msgstr "gidNumber"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:100
msgid "primary group ID"
-msgstr ""
+msgstr "id. del grup primari"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:103
msgid "gecos"
-msgstr ""
+msgstr "gecos"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:104
msgid "user information, typically full name"
-msgstr ""
+msgstr "informació de l'usuari, normalment el nom complet "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:107
msgid "homeDirectory"
-msgstr ""
+msgstr "homeDirectory"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:111
msgid "loginShell"
-msgstr ""
+msgstr "loginShell"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:112
msgid "user shell"
-msgstr ""
+msgstr "shell de l'usuari"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:81
@@ -10437,6 +11380,11 @@ msgid ""
"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
+"Per defecte, el contestador de l'InfoPipe únicament permet que se "
+"sol·licitin el conjunt per defecte dels atributs POSIX. Aquest conjunt és el "
+"mateix que es retorna amb <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> i inclou: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-ifp.5.xml:125
@@ -10445,6 +11393,8 @@ msgid ""
"user_attributes = +telephoneNumber, -loginShell\n"
" "
msgstr ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:117
@@ -10455,11 +11405,18 @@ msgid ""
"deny <quote>loginShell</quote>, you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
+"Es poden afegir altres atributs a aquest conjunt amb <quote>+nom_atribut</"
+"quote> o suprimir explícitament un atribut amb <quote>-nom_atribut</quote>. "
+"Per exemple, per permetre <quote>telephoneNumber</quote> però denegar "
+"<quote>loginShell</quote>, podríeu utilitzar la següent configuració: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:129
msgid "Default: not set. Only the default set of POSIX attributes is allowed."
msgstr ""
+"Per defecte: sense establir. Únicament es permet el conjunt per defecte dels "
+"atributs POSIX."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:139
@@ -10483,21 +11440,27 @@ msgid ""
"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </"
"author>"
msgstr ""
+"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</"
+"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data "
+"Inc.</orgname> </affiliation> <contrib>Desenvolupador (2013-2014)</contrib> "
+"</author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> "
+"<contrib>Desenvolupador (2014-)</contrib> <email>tsnoam@gmail.com</email> </"
+"author>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32
msgid "sss_rpcidmapd"
-msgstr ""
+msgstr "sss_rpcidmapd"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_rpcidmapd.5.xml:33
msgid "sss plugin configuration directives for rpc.idmapd"
-msgstr ""
+msgstr "les directrius de configuració del complement sss per al rpc.idmapd"
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:37
msgid "CONFIGURATION FILE"
-msgstr ""
+msgstr "FITXER DE CONFIGURACIÓ"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:39
@@ -10506,16 +11469,19 @@ msgid ""
"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information."
msgstr ""
+"El fitxer de configuració rpc.idmapd normalment es troba a <emphasis>/etc/"
+"idmapd.conf</emphasis>. Vegeu <citerefentry> <refentrytitle>idmapd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per més informació."
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:49
msgid "SSS CONFIGURATION EXTENSION"
-msgstr ""
+msgstr "AMPLIACIÓ DE LA CONFIGURACIÓ DE L'SSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss_rpcidmapd.5.xml:51
msgid "Enable SSS plugin"
-msgstr ""
+msgstr "Habilita el complement SSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss_rpcidmapd.5.xml:53
@@ -10523,11 +11489,13 @@ msgid ""
"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> "
"attribute to contain <emphasis>sss</emphasis>."
msgstr ""
+"En la secció <quote>[Translation]</quote>, modifiqueu o establiu l'atribut "
+"<quote>Method</quote> per abastar <emphasis>sss</emphasis>."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss_rpcidmapd.5.xml:59
msgid "[sss] config section"
-msgstr ""
+msgstr "Secció de configuració [sss]"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss_rpcidmapd.5.xml:61
@@ -10536,26 +11504,30 @@ msgid ""
"<emphasis>sss</emphasis> plugin listed below you will need to create a "
"config section for it, named <quote>[sss]</quote>."
msgstr ""
+"Per canviar el valor per defecte d'un dels atributs de configuració del "
+"connector de l'<emphasis>sss</emphasis> que es llisten a continuació, "
+"necessitareu crear-li una secció de configuració, anomenada <quote>[sss]</"
+"quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
#: sss_rpcidmapd.5.xml:67
msgid "Configuration attributes"
-msgstr ""
+msgstr "Atributs de configuració"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sss_rpcidmapd.5.xml:69
msgid "memcache (bool)"
-msgstr ""
+msgstr "memcache (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sss_rpcidmapd.5.xml:72
msgid "Indicates whether or not to use memcache optimisation technique."
-msgstr ""
+msgstr "Indica si s'utilitza o no la tècnica d'optimització de la memòria cau."
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:85
msgid "SSSD INTEGRATION"
-msgstr ""
+msgstr "INTEGRACIÓ DE L'SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:87
@@ -10563,6 +11535,8 @@ msgid ""
"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled "
"in sssd."
msgstr ""
+"El connector sss requereix que s'habiliti el <emphasis>contestador del NSS</"
+"emphasis> al sssd."
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:91
@@ -10571,6 +11545,9 @@ msgid ""
"all domains (NFSv4 clients expect a fully qualified name to be sent on the "
"wire)."
msgstr ""
+"L'atribut <quote>use_fully_qualified_names</quote> ha d'estar habilitat en "
+"tots els dominis (els clients de NFSv4 esperen un FQN per a ser enviats al "
+"cable)."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_rpcidmapd.5.xml:103
@@ -10589,6 +11566,18 @@ msgid ""
"[Translation]\n"
"Method = sss\n"
msgstr ""
+"[General]\n"
+"Verbosity = 2\n"
+"# el domini ha de sincronitzar-se entre el servidor i els clients del NFSv4\n"
+"# Solaris/Illumos/AIX utilitzen \"localdomain\" com a predeterminat!\n"
+"Domain = default\n"
+"\n"
+"[Mapping]\n"
+"Nobody-User = nfsnobody\n"
+"Nobody-Group = nfsnobody\n"
+"\n"
+"[Translation]\n"
+"Method = sss\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:100
@@ -10596,6 +11585,8 @@ msgid ""
"The following example shows a minimal idmapd.conf which makes use of the sss "
"plugin. <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
+"En el següent exemple es mostra un idmapd.conf mínim que fa ús del connector "
+"sss. <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <refsect1><title>
#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2
@@ -10609,21 +11600,24 @@ msgid ""
"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>"
msgstr ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
-msgstr ""
+msgstr "sss_ssh_authorizedkeys"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
msgid "1"
-msgstr ""
+msgstr "1"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_ssh_authorizedkeys.1.xml:16
msgid "get OpenSSH authorized keys"
-msgstr ""
+msgstr "obté les claus autoritzades de l'OpenSSH"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_ssh_authorizedkeys.1.xml:21
@@ -10632,6 +11626,9 @@ msgid ""
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>USER</replaceable></arg>"
msgstr ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>opcions</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USUARI</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:32
@@ -10645,25 +11642,41 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:41
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of LDAP domains for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
+#| "information."
msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
+"En aquesta pàgina del manual es descriu la configuració de dominis LDAP per "
+"a <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</"
+"quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per obtenir "
+"informació detallada de la sintaxi."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
" AuthorizedKeysCommandUser nobody\n"
msgstr ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10673,36 +11686,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10710,12 +11706,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
msgid "sss_ssh_knownhostsproxy"
-msgstr ""
+msgstr "sss_ssh_knownhostsproxy"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_ssh_knownhostsproxy.1.xml:16
msgid "get OpenSSH host keys"
-msgstr ""
+msgstr "obté les claus de l'amfitrió de l'OpenSSH"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_ssh_knownhostsproxy.1.xml:21
@@ -10767,6 +11763,7 @@ msgstr ""
msgid ""
"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
msgstr ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_ssh_knownhostsproxy.1.xml:71
@@ -10797,7 +11794,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
-msgstr ""
+msgstr "Configuració"
#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:11
@@ -10814,7 +11811,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:23
msgid "The domain name"
-msgstr ""
+msgstr "El nom del domini"
#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:25
@@ -10827,7 +11824,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:35
msgid "The protocol"
-msgstr ""
+msgstr "El protocol"
#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:37
@@ -10839,7 +11836,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:42
msgid "See Also"
-msgstr ""
+msgstr "Vegeu també"
#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:44
@@ -10850,7 +11847,7 @@ msgstr ""
#. type: Content of: outside any tag (error?)
#: include/upstream.xml:1
msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
+msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>"
#. type: Content of: <refsect1><title>
#: include/failover.xml:2
@@ -11069,7 +12066,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
-msgstr ""
+msgstr "ldap_idmap_range_min (enter)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:123
@@ -11089,14 +12086,14 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
-msgstr ""
+msgstr "Per defecte: 200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
-msgstr ""
+msgstr "ldap_idmap_range_max (enter)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:145
@@ -11118,12 +12115,12 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
-msgstr ""
+msgstr "Per defecte: 2000200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
-msgstr ""
+msgstr "ldap_idmap_range_size (enter)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:167
@@ -11146,11 +12143,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -11158,12 +12156,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
-msgstr ""
+msgstr "ldap_idmap_default_domain_sid (cadena)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -11171,36 +12169,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
-msgstr ""
+msgstr "ldap_idmap_default_domain (cadena)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
-msgstr ""
+msgstr "ldap_idmap_autorid_compat (booleà)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -11209,13 +12207,36 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_idmap_range_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_idmap_range_size (enter)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -11224,51 +12245,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
@@ -11288,12 +12309,12 @@ msgstr ""
#. type: Content of: <varlistentry><listitem><para>
#: include/param_help.xml:7 include/param_help_py.xml:7
msgid "Display help message and exit."
-msgstr ""
+msgstr "Mostra el missatge d'ajuda i surt."
#. type: Content of: <varlistentry><term>
#: include/param_help_py.xml:3
msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
+msgstr "<option>-h</option>,<option>--help</option>"
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
@@ -11304,6 +12325,12 @@ msgid ""
"is to specify a hexadecimal bitmask to enable or disable specific levels "
"(such as if you wish to suppress a level)."
msgstr ""
+"L'SSSD admet dues representacions per a l'especificació del nivell de "
+"depuració. La més senzilla és especificar un número del 0-9, que representa "
+"el que permet cada nivell i tots els missatges de depuració de nivell baix. "
+"L'opció més exhaustiva és especificar una màscara de bits en hexadecimal per "
+"activar o desactivar els nivells específics (per exemple, si voleu suprimir "
+"un nivell)."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:10
@@ -11314,6 +12341,12 @@ msgid ""
"responder or provider processes. The <quote>debug_level</quote> parameter "
"should be added to all sections that you wish to produce debug logs from."
msgstr ""
+"Si us plau, tingueu en compte que cadascun dels serveis de l'SSSD registra "
+"el seu fitxer propi de registre. També tingueu en compte que l'habilitació "
+"del <quote>debug_level</quote> a la secció <quote>[sssd]</quote>únicament "
+"habilita la depuració del mateix procés de l'sssd, no per al procés del "
+"contestador o del proveïdor. El paràmetre <quote>debug_level</quote> s'ha "
+"d'afegir en totes les seccions que vulgueu que generin registres."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:18
@@ -11324,11 +12357,16 @@ msgid ""
"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry> tool."
msgstr ""
+"A més de canviar el nivell del registre al fitxer de configuració amb el "
+"paràmetre <quote>debug_level</quote>, que és permanent, però requereix que "
+"es reiniciï l'SSSD, també és possible canviar el nivell de depuració al vol "
+"amb l'eina <citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:29
msgid "Currently supported debug levels:"
-msgstr ""
+msgstr "Els nivells de depuració que s'admeten actualment:"
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:32
@@ -11337,6 +12375,9 @@ msgid ""
"Anything that would prevent SSSD from starting up or causes it to cease "
"running."
msgstr ""
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fallides fatals. "
+"Qualsevol cosa que impedeixi la posada en marxa de l'SSSD o provoqui el seu "
+"cessament."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:38
@@ -11345,6 +12386,9 @@ msgid ""
"error that doesn't kill the SSSD, but one that indicates that at least one "
"major feature is not going to work properly."
msgstr ""
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Fallides crítiques. Un "
+"error que no mata a l'SSSD, però un que indica que almenys hi ha una "
+"característica important que no funcionarà correctament."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:45
@@ -11352,6 +12396,8 @@ msgid ""
"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
"error announcing that a particular request or operation has failed."
msgstr ""
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Fallides serioses. Un "
+"error que anuncia que una petició o una operació en particular ha fallat."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:50
@@ -11359,17 +12405,23 @@ msgid ""
"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Fallides menors. "
+"Aquests són els errors que enterboleixen i poden fer fracassar l'operació "
+"dels 2."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:55
msgid ""
"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Ajusts de la "
+"configuració."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:59
msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
+"<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Dades de les funcions."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:63
@@ -11377,6 +12429,8 @@ msgid ""
"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
"operation functions."
msgstr ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Missatges de traça per "
+"al funcionament de les funcions."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:67
@@ -11384,6 +12438,8 @@ msgid ""
"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
"internal control functions."
msgstr ""
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Missatges de traça per "
+"a les funcions internes de control."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:72
@@ -11391,6 +12447,8 @@ msgid ""
"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
"internal variables that may be interesting."
msgstr ""
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contingut de les "
+"variables de les funcions internes que poden ser interessants."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:77
@@ -11398,6 +12456,8 @@ msgid ""
"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
"tracing information."
msgstr ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Informació de traçat "
+"extremadament de baix nivell."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:81
@@ -11405,6 +12465,9 @@ msgid ""
"To log required bitmask debug levels, simply add their numbers together as "
"shown in following examples:"
msgstr ""
+"Per registrar els nivells de depuració de la màscara de bits que es "
+"requereixi, només heu d'afegir els seus números com es mostra en els "
+"següents exemples:"
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:85
@@ -11412,6 +12475,9 @@ msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
+"<emphasis>Exemple</emphasis>: Per registrar les fallides fatals, les "
+"fallides crítiques, les fallides serioses i les dades de les funcions, "
+"utilitzeu0x0270."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:89
@@ -11419,6 +12485,9 @@ msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
+"<emphasis>Exemple</emphasis>: Per registrar les fallides fatals, els ajusts "
+"de la configuració, les dades de les funcions, els missatges de traça per a "
+"les funcions internes de control, utilitzeu 0x1310."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:94
@@ -11426,11 +12495,13 @@ msgid ""
"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
"in 1.7.0."
msgstr ""
+"<emphasis>Nota</emphasis>: El format de la màscara de bits dels nivells de "
+"depuració es va introduir en la versió 1.7.0."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:98
msgid "<emphasis>Default</emphasis>: 0"
-msgstr ""
+msgstr "<emphasis>Per defecte</emphasis>: 0"
#. type: Content of: outside any tag (error?)
#: include/experimental.xml:1
@@ -11442,7 +12513,7 @@ msgstr ""
#. type: Content of: <refsect1><title>
#: include/local.xml:2
msgid "THE LOCAL DOMAIN"
-msgstr ""
+msgstr "EL DOMINI LOCAL"
#. type: Content of: <refsect1><para>
#: include/local.xml:4
@@ -11450,6 +12521,8 @@ msgid ""
"In order to function correctly, a domain with <quote>id_provider=local</"
"quote> must be created and the SSSD must be running."
msgstr ""
+"Per a un funcionament correcte, s'ha de crear un domini amb "
+"<quote>id_provider=local</quote> i l'SSSD ha d'estar en execució."
#. type: Content of: <refsect1><para>
#: include/local.xml:9
@@ -11462,6 +12535,14 @@ msgid ""
"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
"local LDB storage to store users and groups."
msgstr ""
+"L'administrador pot ser que vulgui utilitzar els usuaris locals de l'SSSD en "
+"lloc dels usuaris tradicionals d'UNIX en els casos en què es requereixi la "
+"imbricació dels grups (vegeu <citerefentry> <refentrytitle>sss_groupadd</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>). Els usuaris locals "
+"també són útils per provar i desplegar l'SSSD sense haver de desplegar tot "
+"un servidor remot. Les eines <command>sss_user*</command> i "
+"<command>sss_group*</command> utilitzen l'emmagatzematge LDB local per "
+"emmagatzemar els usuaris i els grups."
#. type: Content of: <refsect1><para>
#: include/seealso.xml:4
@@ -11507,6 +12588,46 @@ msgid ""
"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
+"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> "
+"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>"
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
@@ -11560,7 +12681,7 @@ msgstr ""
#. type: Content of: <varlistentry><term>
#: include/override_homedir.xml:2
msgid "override_homedir (string)"
-msgstr ""
+msgstr "override_homedir (cadena)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: include/override_homedir.xml:16
@@ -11636,7 +12757,7 @@ msgstr ""
#. type: Content of: <varlistentry><term>
#: include/homedir_substring.xml:2
msgid "homedir_substring (string)"
-msgstr ""
+msgstr "homedir_substring (cadena)"
#. type: Content of: <varlistentry><listitem><para>
#: include/homedir_substring.xml:5
@@ -11653,4 +12774,10 @@ msgstr ""
#. type: Content of: <varlistentry><listitem><para>
#: include/homedir_substring.xml:15
msgid "Default: /home"
-msgstr ""
+msgstr "Per defecte: /home"
+
+#~ msgid "Default: ou"
+#~ msgstr "Per defecte: ou"
+
+#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
diff --git a/src/man/po/cs.po b/src/man/po/cs.po
index b6bb9e7cb..17737349e 100644
--- a/src/man/po/cs.po
+++ b/src/man/po/cs.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,7 +18,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -61,7 +61,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -80,11 +80,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "VOLBY"
@@ -215,113 +215,128 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -330,29 +345,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -362,19 +377,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -382,12 +397,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -395,58 +410,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -455,7 +470,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -463,69 +478,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -535,7 +550,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -545,20 +560,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -568,7 +583,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -577,12 +592,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -593,12 +693,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -607,22 +707,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -632,17 +732,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -650,19 +750,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -672,12 +772,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -685,117 +785,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -803,7 +851,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -813,7 +861,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -822,17 +870,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -840,60 +888,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+msgid ""
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:652
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -901,23 +975,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -925,47 +999,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -973,103 +1047,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1080,72 +1161,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1153,59 +1234,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1213,7 +1294,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1222,17 +1303,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1240,117 +1321,183 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1083
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1361,34 +1508,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1396,68 +1543,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1469,7 +1616,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1480,24 +1627,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1505,12 +1652,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1518,25 +1665,37 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1545,46 +1704,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1596,14 +1755,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1612,39 +1771,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1653,19 +1812,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1676,151 +1835,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1828,24 +1987,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1854,17 +2013,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1873,33 +2032,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1907,8 +2066,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1917,8 +2076,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1926,19 +2085,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1947,7 +2106,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1955,22 +2114,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1982,7 +2141,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1990,19 +2149,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2010,7 +2169,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2018,30 +2177,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2049,19 +2208,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2070,24 +2229,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2095,7 +2267,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2103,35 +2275,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2139,32 +2311,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2175,12 +2347,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2188,7 +2360,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2196,31 +2368,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2228,7 +2400,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2237,23 +2409,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2261,7 +2433,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2269,24 +2441,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2294,12 +2474,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2309,7 +2489,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2318,29 +2498,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2348,7 +2528,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2356,66 +2536,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2423,70 +2603,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2494,7 +2674,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2502,41 +2682,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2546,34 +2770,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2581,12 +2805,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2594,7 +2818,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2602,49 +2826,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2652,73 +2890,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2726,17 +2964,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2745,17 +2983,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2763,17 +3001,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2781,19 +3019,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2823,7 +3061,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2869,7 +3107,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2969,8 +3207,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3259,14 +3497,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3661,8 +3899,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3866,19 +4104,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3888,26 +4143,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3915,14 +4171,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3930,7 +4186,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3938,19 +4194,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3958,168 +4208,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4127,7 +4377,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4135,12 +4385,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4148,12 +4398,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4164,12 +4414,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4178,12 +4428,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4192,34 +4442,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4227,14 +4477,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4242,17 +4492,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4262,12 +4512,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4275,17 +4525,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4293,13 +4543,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4308,7 +4558,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4316,26 +4566,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4343,7 +4593,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4351,7 +4601,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4359,41 +4609,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4402,32 +4652,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4435,24 +4685,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4460,17 +4710,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4481,29 +4731,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4512,17 +4762,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4530,49 +4780,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4580,27 +4830,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4612,7 +4862,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4620,7 +4870,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4628,39 +4878,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4670,7 +4920,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4678,26 +4928,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4705,7 +4955,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4713,31 +4963,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4746,56 +4996,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4811,12 +5061,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4825,14 +5075,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4841,24 +5091,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4866,19 +5116,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4887,7 +5137,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4895,7 +5145,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4904,7 +5154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4912,22 +5162,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4937,14 +5187,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4957,12 +5207,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4972,7 +5222,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4982,49 +5232,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5033,74 +5283,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5111,7 +5361,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5119,24 +5369,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5151,12 +5401,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5164,208 +5414,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5373,101 +5623,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5476,108 +5726,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
msgid "Default: automount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5586,32 +5836,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5620,22 +5870,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5644,7 +5894,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5652,7 +5902,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5665,26 +5915,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5700,13 +5950,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5743,11 +5993,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5755,34 +6006,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5790,31 +6041,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5822,36 +6073,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5859,7 +6110,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5868,25 +6119,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5894,7 +6176,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5906,7 +6188,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6065,7 +6347,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6213,7 +6495,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6221,14 +6503,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6243,12 +6525,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6269,12 +6551,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6298,7 +6580,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6308,7 +6590,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6325,12 +6607,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6338,12 +6620,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6362,50 +6644,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6515,7 +6797,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6589,26 +6871,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6627,7 +6909,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6925,13 +7207,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6941,15 +7224,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6957,7 +7240,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6970,7 +7253,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6978,53 +7261,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7032,19 +7327,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7055,12 +7350,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7069,7 +7364,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7078,7 +7373,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7087,14 +7382,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7103,7 +7398,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7118,29 +7413,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7149,7 +7444,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7158,12 +7453,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7173,14 +7468,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7193,23 +7488,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7217,22 +7512,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7240,12 +7535,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7253,14 +7548,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7268,7 +7563,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7280,53 +7575,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7334,7 +7654,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7342,7 +7662,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7350,7 +7670,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7362,17 +7682,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7380,7 +7705,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7388,7 +7713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7396,7 +7721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7408,22 +7733,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7431,14 +7756,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7446,7 +7771,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7458,17 +7783,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7476,14 +7801,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7491,7 +7816,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7502,19 +7827,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7522,7 +7847,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7534,34 +7859,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7569,12 +7899,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7587,52 +7917,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+msgid "Default: 30 days"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7643,36 +8011,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7680,7 +8048,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7695,7 +8063,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7704,7 +8072,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7712,7 +8080,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7721,6 +8089,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8179,7 +8555,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8246,17 +8622,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8264,50 +8645,82 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8315,29 +8728,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8345,39 +8758,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8385,41 +8827,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "OPTIONS"
msgid "COMMON OPTIONS"
msgstr "VOLBY"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
@@ -9565,13 +10007,41 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10051,13 +10521,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10065,7 +10535,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10075,36 +10545,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10491,7 +10944,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10548,11 +11001,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10560,12 +11014,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10573,36 +11027,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10611,13 +11065,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10626,51 +11101,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/de.po b/src/man/po/de.po
index 9c8c99133..33cf758ae 100644
--- a/src/man/po/de.po
+++ b/src/man/po/de.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-09 02:21-0400\n"
"Last-Translator: Mario Blättermann <mario.blaettermann@gmail.com>\n"
"Language-Team: German (http://www.transifex.com/projects/p/sssd/language/"
@@ -20,7 +20,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -66,7 +66,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -87,11 +87,11 @@ msgstr ""
"Befehlszeile angegebenen Änderungen widerzuspiegeln."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPTIONEN"
@@ -246,63 +246,79 @@ msgstr "debug_level (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Voreinstellung: »true«"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Voreinstellung: »false«"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr "In den Abschnitten SERVICE und DOMAIN verwendbare Optionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
@@ -311,33 +327,34 @@ msgstr ""
"dient dazu, sicherzustellen, dass ein Prozess läuft und in der Lage ist, "
"Anfragen zu beantworten."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Voreinstellung: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "BESONDERE ABSCHNITTE"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "Der Abschnitt [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Abschnittsparameter"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -346,12 +363,12 @@ msgstr ""
"Version 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "Dienste"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -359,7 +376,7 @@ msgstr ""
"gestartet werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -372,12 +389,12 @@ msgstr ""
"\">, pac</phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -387,17 +404,17 @@ msgstr ""
"startet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Voreinstellung: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "Domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -407,12 +424,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
@@ -422,7 +439,7 @@ msgstr ""
"werden sollen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -434,12 +451,12 @@ msgstr ""
"unter DOMAIN-ABSCHNITTE."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -451,32 +468,32 @@ msgstr ""
"zusammengestellt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr "%1$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr "Benutzername"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr "%2$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr "Domain-Name, wie er durch die SSSD-Konfigurationsdatei angegeben wird"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr "%3$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
@@ -485,7 +502,7 @@ msgstr ""
"direkt konfiguriert als auch über IPA-Trust"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
@@ -494,7 +511,7 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
@@ -504,12 +521,12 @@ msgstr ""
"ABSCHNITTE."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -523,7 +540,7 @@ msgstr ""
"abzufragen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -534,7 +551,7 @@ msgstr ""
"sollte diese Option auf »false« gesetzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -543,7 +560,7 @@ msgstr ""
"»false« auf anderen Plattformen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -552,12 +569,12 @@ msgstr ""
"verfügbar ist, keine Auswirkungen haben."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -566,7 +583,7 @@ msgstr ""
"Zwischenspeichers speichern sollte."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -576,7 +593,7 @@ msgstr ""
"Ort für den Replay-Zwischenspeicher ist."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -585,29 +602,29 @@ msgstr ""
"(__LIBKRB5_DEFAULTS__, falls nicht konfiguriert)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -623,7 +640,7 @@ msgstr ""
"ihrem Benutzernamen ohne auch eine Domain anzugeben."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -633,20 +650,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr "Voreinstellung: nicht gesetzt"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -656,7 +673,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -665,12 +682,105 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "certificate_verification (string)"
+msgstr "re_expression (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+#, fuzzy
+#| msgid "These options can be used to configure the InfoPipe responder."
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+"Diese Optionen können zur Konfiguration des InfoPipe-Responders verwendet "
+"werden."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+#, fuzzy
+#| msgid "Default: not set, i.e. service discovery is disabled"
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -687,12 +797,12 @@ msgstr ""
"verwendet. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "DIENSTABSCHNITTE"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -705,22 +815,22 @@ msgstr ""
"Abschnitt zum Beispiel <quote>[nss]</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "Allgemeine Optionen zum Konfigurieren von Diensten"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -736,17 +846,17 @@ msgstr ""
"Begrenzung in der »limit.conf« sein."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr "Voreinstellung: 8192 (oder die »harte« Begrenzung der »limit.conf«)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -758,19 +868,19 @@ msgstr ""
"des Systems blockiert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Voreinstellung: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr "force_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -785,12 +895,12 @@ msgstr ""
"SIGKILL erzwingen."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr "offline_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -798,89 +908,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr "ldap_use_tokengroups"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "Voreinstellung: none"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr "NSS-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -888,12 +946,12 @@ msgstr ""
"benutzt werden"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -902,17 +960,17 @@ msgstr ""
"über alle Nutzer) zwischenspeichern?"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Voreinstellung: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -924,7 +982,7 @@ msgstr ""
"werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -941,7 +999,7 @@ msgstr ""
"Zwischenspeicheraktualisierung zu warten."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -954,17 +1012,17 @@ msgstr ""
"Sekunden senken. (0 schaltet diese Funktionalität aus.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "Voreinstellung: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -976,22 +1034,56 @@ msgstr ""
"Backend erneut gefragt wird)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Voreinstellung: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "autofs_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "autofs_negative_timeout (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+#, fuzzy
+#| msgid ""
+#| "Specifies for how many seconds nss_sss should cache negative cache hits "
+#| "(that is, queries for invalid database entries, like nonexistent ones) "
+#| "before asking the back end again."
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+"gibt an, für wie viele Sekunden lang »nss_sss« negative "
+"Zwischenspeichertreffer zwischenspeichern soll (das heißt, Abfragen "
+"ungültiger Datenbankeinträge, wie solche, die nicht existieren), bevor das "
+"Backend erneut gefragt wird)."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Voreinstellung: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+#, fuzzy
+#| msgid ""
+#| "Exclude certain users from being fetched from the sss NSS database. This "
+#| "is particularly useful for system accounts. This option can also be set "
+#| "per-domain or include fully-qualified names to filter only users from the "
+#| "particular domain."
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
"schließt bestimmte Nutzer von der Abfrage aus der SSS-NSS-Datenbank aus, was "
"insbesondere für Systemkonten nützlich ist. Diese Option kann auch pro "
@@ -999,17 +1091,26 @@ msgstr ""
"von einer bestimmten Domain herauszufiltern."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Voreinstellung: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -1017,12 +1118,12 @@ msgstr ""
"setzen Sie diese Option auf »false«."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -1031,7 +1132,7 @@ msgstr ""
"es nicht explizit durch den Datenanbieter der Domain angegeben wurde."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -1039,7 +1140,7 @@ msgstr ""
"»override_homedir«."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -1049,25 +1150,25 @@ msgstr ""
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "Beispiel: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
"Voreinstellung: nicht gesetzt (kein Ersetzen nicht gesetzter Home-"
"Verzeichnisse)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr "override_shell (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -1078,19 +1179,19 @@ msgstr ""
"entweder im Abschnitt [nss] oder für jede Domain gesetzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
"Voreinstellung: nicht gesetzt (SSSD wird den von LDAP erhaltenen Wert "
"benutzen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr "allowed_shells (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -1098,12 +1199,12 @@ msgstr ""
"Reihenfolge der Auswertung ist:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr "1. Falls die Shell in »/etc/shells« vorhanden ist, wird sie benutzt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -1112,7 +1213,7 @@ msgstr ""
"shells« steht, wird der Wert des Parameters »shell_fallback« verwendet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -1121,12 +1222,12 @@ msgstr ""
"steht, wird eine Nicht-Login-Shell benutzt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1134,13 +1235,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
"Eine leere Zeichenkette als Shell wird, so wie sie ist, an Libc übergeben."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -1149,28 +1250,28 @@ msgstr ""
"Fall einer neu installierten Shell ein Neustart von SSSD nötig ist."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
"Voreinstellung: nicht gesetzt. Die Benutzer-Shell wird automatisch verwendet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "ersetzt jedwede Instanz dieser Shells durch die aus »shell_fallback«."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr "shell_fallback (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -1178,17 +1279,17 @@ msgstr ""
"auf dem Rechner installiert ist."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "Voreinstellung: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
@@ -1198,7 +1299,7 @@ msgstr ""
"jede Domain gesetzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
@@ -1208,12 +1309,12 @@ msgstr ""
"Vernünftiges, üblicherweise /bin/sh, ersetzt.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
@@ -1222,31 +1323,49 @@ msgstr ""
"gültig erachtet wird."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
+#, fuzzy
+#| msgid ""
+#| "Specifies time in seconds for which records in the in-memory cache will "
+#| "be valid"
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
"gibt die Zeit in Sekunden an, in denen Datensätze im speicherinternen "
"Zwischenspeicher als gültig erachtet werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Voreinstellung: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+#, fuzzy
+#| msgid ""
+#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+#| "applications will not use the fast in memory cache."
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+"Falls die Umgebungsvariable SSS_NSS_USE_MEMCACHE auf »NO« gesetzt ist, "
+"nutzen Client-Anwendungen den schnellen speicherinternen Zwischenspeicher "
+"nicht."
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr "user_attributes (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1257,24 +1376,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr "PAM-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1283,12 +1402,12 @@ msgstr ""
"Authentication Module« (PAM) einzurichten."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1298,17 +1417,17 @@ msgstr ""
"erfolgreichen Anmeldung)?"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Voreinstellung: 0 (unbegrenzt)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1317,12 +1436,12 @@ msgstr ""
"Authentifizierungsanbieter offline ist?"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1332,7 +1451,7 @@ msgstr ""
"Anmeldeversuch möglich ist."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1344,17 +1463,17 @@ msgstr ""
"Authentifizierung reaktivieren."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Voreinstellung: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1363,43 +1482,43 @@ msgstr ""
"angezeigt werden. Je höher die Zahl, desto mehr Nachrichten werden angezeigt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr "Derzeit unterstützt SSSD folgende Werte:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: keine Nachricht anzeigen"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: nur wichtige Nachrichten anzeigen"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: nur informative Nachrichten anzeigen"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: alle Nachrichten und Debug-Informationen anzeigen"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Voreinstellung: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1411,7 +1530,7 @@ msgstr ""
"den neusten Informationen erfolgt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1425,17 +1544,17 @@ msgstr ""
"viele Abfragen der Identitätsanbieter zu vermeiden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr "zeigt N Tage vor Ablauf des Passworts eine Warnung an."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1446,7 +1565,7 @@ msgstr ""
"SSSD keine Warnung anzeigen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
@@ -1456,7 +1575,7 @@ msgstr ""
"automatisch angezeigt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
@@ -1464,106 +1583,186 @@ msgstr ""
"Diese Einstellung kann durch Setzen von <emphasis>pwd_expiration_warning</"
"emphasis> für eine bestimmte Domain außer Kraft gesetzt werden."
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Voreinstellung: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the InfoPipe responder. User names are resolved to UIDs "
+#| "at startup."
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
+"Gibt eine durch Kommata getrennte Liste der Benutzer-ID-Werte oder "
+"Benutzernamen an, denen der Zugriff auf den InfoPipe-Responder erlaubt ist. "
+"Benutzernamen werden beim Start in Benutzer-IDs aufgelöst."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "Voreinstellung: none"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+#, fuzzy
+#| msgid "ldap_ns_account_lock (string)"
+msgid "pam_account_locked_message (string)"
+msgstr "ldap_ns_account_lock (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerate (Boolesch)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr "Voreinstellung: False"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "ipa_hbac_search_base (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "pam_id_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr "Sudo-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1581,12 +1780,12 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr "sudo_timed (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1596,23 +1795,23 @@ msgstr ""
"nicht."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr "AUTOFS-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
"Diese Optionen können zum Konfigurieren des Dienstes »autofs« benutzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1623,23 +1822,23 @@ msgstr ""
"nicht existierende), bevor das Backend erneut befragt wird."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr "SSH-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
"Diese Optionen können zum Konfigurieren des SSH-Dienstes benutzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
@@ -1648,12 +1847,12 @@ msgstr ""
"»known_hosts« zusammengemischt werden oder nicht."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
@@ -1662,38 +1861,38 @@ msgstr ""
"»known_hosts« behalten wird, bevor seine Rechnerschlüssel abgefragt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr "Voreinstellung: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "Voreinstellung: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr "PAC-Responder-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1712,7 +1911,7 @@ msgstr ""
"ausgewertet wurde, werden einige der folgenden Transaktionen durchgeführt:"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1730,7 +1929,7 @@ msgstr ""
"werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
@@ -1739,18 +1938,18 @@ msgstr ""
"diesen Gruppen hinzugefügt."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
"Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1761,14 +1960,14 @@ msgstr ""
"beim Starten zu UIDs aufgelöst."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
"Voreinstellung: 0 (Nur dem Benutzer Root ist der Zugriff auf den PAC-"
"Responder gestattet.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1780,18 +1979,32 @@ msgstr ""
"auf den PAC-Responder gewähren möchten, was der Normalfall ist, müssen Sie "
"der Liste der erlaubten UIDs auch die 0 hinzufügen."
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "DOMAIN-ABSCHNITTE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1800,7 +2013,7 @@ msgstr ""
"enthält, der jenseits dieser Beschränkungen liegt, wird er ignoriert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1813,7 +2026,7 @@ msgstr ""
"werden jene, die im Bereich liegen, wie erwartet gemeldet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
@@ -1822,17 +2035,17 @@ msgstr ""
"den Zwischenspeicher und nicht nur ihre Rückgabe über Name oder ID."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Voreinstellung: 1 für »min_id«, 0 (keine Beschränkung) für »max_id«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerate (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1841,22 +2054,22 @@ msgstr ""
"der folgenden Werte haben:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = Benutzer und Gruppen werden aufgezählt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = keine Aufzählungen für diese Domain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Voreinstellung: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1876,7 +2089,7 @@ msgstr ""
"die Mitgliedschaften neu berechnet werden müssen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1886,7 +2099,7 @@ msgstr ""
"Ergebnisse zurück."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1901,7 +2114,7 @@ msgstr ""
"benutzten »id_provider«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
@@ -1910,32 +2123,32 @@ msgstr ""
"insbesondere in großen Umgebungen, nicht empfohlen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr "subdomain_enumerate (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr "all"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr "Alle entdeckten vertrauenswürdigen Domains werden aufgezählt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr "none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr "Keine der entdeckten vertrauenswürdigen Domains wird aufgezählt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1949,12 +2162,12 @@ msgstr ""
"Domains aktivieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1963,7 +2176,7 @@ msgstr ""
"soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1981,17 +2194,17 @@ msgstr ""
"wurden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Voreinstellung: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -2000,19 +2213,19 @@ msgstr ""
"betrachten soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr "Voreinstellung: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -2021,12 +2234,12 @@ msgstr ""
"betrachten soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -2035,12 +2248,12 @@ msgstr ""
"betrachten soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -2049,12 +2262,12 @@ msgstr ""
"betrachten soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
@@ -2063,12 +2276,12 @@ msgstr ""
"bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
@@ -2078,24 +2291,24 @@ msgstr ""
"wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr "refresh_expired_interval (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
@@ -2105,49 +2318,49 @@ msgstr ""
"abgelaufenen oder beinahe abgelaufenen Daten aktualisiert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
"Sie können in Betracht ziehen, diesen Wert auf 3/4 * entry_cache_timeout zu "
"setzen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr "Voreinstellung: 0 (deaktiviert)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr "cache_credentials (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"bestimmt, ob auch Benutzerberechtigungen im lokalen LDB-Zwischenspeicher "
"zwischengespeichert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Benutzerberechtigungen werden in einem SHA512-Hash, nicht im Klartext "
"gespeichert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -2155,24 +2368,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -2185,17 +2398,17 @@ msgstr ""
"Parameters muss größer oder gleich »offline_credentials_expiration« sein."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Voreinstellung: 0 (unbegrenzt)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2208,17 +2421,17 @@ msgstr ""
"Authentifizierungsanbieter konfiguriert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "Voreinstellung: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -2226,17 +2439,17 @@ msgstr ""
"werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "»proxy«: unterstützt einen veralteten NSS-Anbieter."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr "»local«: SSSDs interner Anbieter für lokale Benutzer"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2247,8 +2460,8 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2261,8 +2474,8 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2274,12 +2487,12 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -2289,7 +2502,7 @@ msgstr ""
"Benutzers, der an NSS gemeldet wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2303,7 +2516,7 @@ msgstr ""
"test@LOCAL</command> würde ihn hingegen finden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2315,22 +2528,22 @@ msgstr ""
"nicht voll qualifizierter Name angefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr "gibt beim Nachschlagen der Gruppe nicht die Gruppenmitglieder zurück."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2342,7 +2555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2350,12 +2563,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -2364,7 +2577,7 @@ msgstr ""
"Authentifizierungsanbieter werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2375,7 +2588,7 @@ msgstr ""
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2387,19 +2600,19 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
"»proxy« zur Weitergabe der Authentifizierung an irgendein anderes PAM-Ziel"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "»none« deaktiviert explizit die Authentifizierung."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2408,12 +2621,12 @@ msgstr ""
"mit Authentifizierungsanfragen umgehen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2424,7 +2637,7 @@ msgstr ""
"Backends enthalten sind). Interne Spezialanbieter sind:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -2433,12 +2646,12 @@ msgstr ""
"für eine lokale Domain."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr "»deny« verweigert dem Zugriff immer."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2451,17 +2664,44 @@ msgstr ""
"simple</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+#, fuzzy
+#| msgid ""
+#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring Kerberos."
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"»krb5« für Kerberos-Authentifizierung. Weitere Informationen über die "
+"Konfiguration von Kerberos finden Sie unter <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+#, fuzzy
+#| msgid ""
+#| "<quote>proxy</quote> for relaying password changes to some other PAM "
+#| "target."
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+"»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "Voreinstellung: »permit«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr "chpass_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2470,7 +2710,7 @@ msgstr ""
"Folgende Anbieter von Passwortänderungen werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2482,7 +2722,7 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2494,19 +2734,19 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
"»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "»none« verbietet explizit Passwortänderungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2515,19 +2755,19 @@ msgstr ""
"kann mit Passwortänderungsanfragen umgehen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr "sudo_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"der für diese Domain benutzte Sudo-Anbieter. Folgende Sudo-Anbieter werden "
"unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2538,7 +2778,7 @@ msgstr ""
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
@@ -2547,7 +2787,7 @@ msgstr ""
"Vorgabeeinstellungen für IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
@@ -2556,19 +2796,19 @@ msgstr ""
"Vorgabeeinstellungen für AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "»none« deaktiviert explizit Sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2585,12 +2825,12 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr "selinux_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2601,7 +2841,7 @@ msgstr ""
"Zugriffsanbieter beendet hat. Folgende SELinux-Anbieter werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2613,12 +2853,12 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr "»none« verbietet explizit das Abholen von SELinux-Einstellungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
@@ -2627,12 +2867,12 @@ msgstr ""
"kann SELinux-Ladeanfragen handhaben."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
@@ -2642,7 +2882,7 @@ msgstr ""
"werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2654,7 +2894,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2663,17 +2903,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr "»none« deaktiviert explizit das Abholen von Subdomains."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr "autofs_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2681,7 +2921,7 @@ msgstr ""
"»autofs« werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2693,7 +2933,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2705,17 +2945,34 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+"»ipa«, um auf einem IPA-Server gespeicherte Abbilder zu laden. Weitere "
+"Informationen über die Konfiguration von IPA finden Sie unter <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "»none« deaktiviert explizit »autofs«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr "hostid_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2724,7 +2981,7 @@ msgstr ""
"wird. Folgende Anbieter von »hostid« werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2736,12 +2993,12 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "»none« deaktiviert explizit »hostid«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2756,7 +3013,7 @@ msgstr ""
"(NetBIOS-) Namen der Domain entsprechen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2768,22 +3025,22 @@ msgstr ""
"P&lt;Name&gt;[^@\\\\]+)$))« "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr "Benutzername"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr "Benutzername@Domain.Name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr "Domain\\Benutzername"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
@@ -2793,7 +3050,7 @@ msgstr ""
"Windows-Domains zu ermöglichen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2803,7 +3060,7 @@ msgstr ""
"bedeutet »der Name ist alles bis zum »@«-Zeichen, die Domain alles danach«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2815,7 +3072,7 @@ msgstr ""
"eindeutig benannte Musterteile unterstützen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2824,17 +3081,17 @@ msgstr ""
"Beschriftungsmusterteile nur die Python-Syntax (?P&lt;Name&gt;)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Voreinstellung: »%1$s@%2$s«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2842,46 +3099,46 @@ msgstr ""
"ermöglicht es, die bei DNS-Abfragen zu bevorzugende Adressfamilie zu wählen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "unterstützte Werte:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: versucht die IPv4- und, falls dies fehlschlägt, die IPv6-Adresse "
"nachzuschlagen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr "ipv4_only: versucht, nur Rechnernamen zu IPv4-Adressen aufzulösen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: versucht die IPv6- und, falls dies fehlschlägt, die IPv4-Adresse "
"nachzuschlagen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr "ipv6_only: versucht, nur Rechnernamen zu IPv6-Adressen aufzulösen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "Voreinstellung: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2893,18 +3150,18 @@ msgstr ""
"Offline-Modus arbeiten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Voreinstellung: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2913,52 +3170,52 @@ msgstr ""
"DNS-Dienstabfrage an."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr "Voreinstellung: Der Domain-Teil des Rechnernamens wird benutzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr "override_gid (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr "überschreibt die Haupt-GID mit der angegebenen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2966,7 +3223,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2974,46 +3231,87 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
-msgstr "proxy_fast_alias (Boolesch)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr "ldap_use_tokengroups"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
msgstr ""
-"Wenn ein Benutzer oder eine Gruppe anhand des Namen im Anbieter »proxy« "
-"nachgeschlagen wird, wird zusätzlich auch die ID aufgelöst. So wird der Name "
-"für den Fall, dass er ein Alias ist, in eine »kanonische« Form gebracht. "
-"Diese Option auf »True« zu setzen würde SSSD aus Leistungsgründen dazu "
-"veranlassen, die ID im Zwischenspeicher nachzuschlagen."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+#, fuzzy
+#| msgid "This option is not available in IPA provider."
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr "%F"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr "flacher (NetBIOS-) Name einer Subdomain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -3028,7 +3326,7 @@ msgstr ""
"verwendet werden. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
@@ -3036,17 +3334,17 @@ msgstr ""
"überschrieben werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "Voreinstellung: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr "realmd_tags (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
@@ -3054,14 +3352,14 @@ msgstr ""
"Kennzeichnungen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "memcache_timeout (int)"
msgid "cached_auth_timeout (int)"
msgstr "memcache_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -3069,12 +3367,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3082,7 +3380,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3094,17 +3392,17 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr "das Proxy-Ziel, an das PAM weiterleitet"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -3114,12 +3412,12 @@ msgstr ""
"hinzufügen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3129,8 +3427,27 @@ msgstr ""
"Die in der NSS-Funktionen gesuchten Funktionen haben die Form »_nss_"
"$(libName)_$(function)«, zum Beispiel »_nss_files_getpwent«."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (Boolesch)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+"Wenn ein Benutzer oder eine Gruppe anhand des Namen im Anbieter »proxy« "
+"nachgeschlagen wird, wird zusätzlich auch die ID aufgelöst. So wird der Name "
+"für den Fall, dass er ein Alias ist, in eine »kanonische« Form gebracht. "
+"Diese Option auf »True« zu setzen würde SSSD aus Leistungsgründen dazu "
+"veranlassen, die ID im Zwischenspeicher nachzuschlagen."
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -3139,12 +3456,12 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr "Der Abschnitt lokale Domain"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -3155,29 +3472,29 @@ msgstr ""
"<replaceable>ID_Anbieter=lokal</replaceable> benutzt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"die Standard-Shell für Anwender, die mit den SSSD-Werkzeugen für den "
"Benutzerbereich erstellt wurde."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Voreinstellung: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -3186,17 +3503,17 @@ msgstr ""
"replaceable> und benutzen dies als Home-Verzeichnis."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "Voreinstellung: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -3205,17 +3522,17 @@ msgstr ""
"werden soll; kann auf der Befehlszeile überschrieben werden"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Voreinstellung: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -3224,12 +3541,12 @@ msgstr ""
"entfernt werden soll; kann auf der Befehlszeile überschrieben werden"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3240,17 +3557,17 @@ msgstr ""
"Standardzugriffsrechte für ein neu erstelltes Home-Verzeichnis anzugeben."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Voreinstellung: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -3263,17 +3580,17 @@ msgstr ""
"<manvolnum>8</manvolnum> </citerefentry> erstellt wird"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Voreinstellung: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -3284,17 +3601,17 @@ msgstr ""
"wurde. Ist dies nicht angegeben wird ein Standardwert verwendet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Voreinstellung: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -3306,19 +3623,19 @@ msgstr ""
"berücksichtigt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "Voreinstellung: keine, es wird kein Befehl ausgeführt"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "BEISPIEL"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3372,7 +3689,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -3436,7 +3753,7 @@ msgstr ""
"unter »ldap_access_filter«."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "KONFIGURATIONSOPTIONEN"
@@ -3559,8 +3876,8 @@ msgstr ""
"rfc/rfc2254.txt spezifiziert, sein."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "Beispiele:"
@@ -3883,7 +4200,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -3892,7 +4209,7 @@ msgstr ""
"übergeordneten Objekt enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "Voreinstellung: modifyTimestamp"
@@ -4360,8 +4677,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "das LDAP-Attribut, das dem vollständigen Benutzernamen entspricht"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "Voreinstellung: cn"
@@ -4589,11 +4906,32 @@ msgstr "Voreinstellung: groupType im AD-Anbieter, anderenfalls nicht gesetzt"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_member (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_member (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+#, fuzzy
+#| msgid "Default: groupType in the AD provider, othewise not set"
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr "Voreinstellung: groupType im AD-Anbieter, anderenfalls nicht gesetzt"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4605,7 +4943,7 @@ msgstr ""
"das Schema RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4622,12 +4960,19 @@ msgstr ""
"erfolgt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
+#, fuzzy
+#| msgid ""
+#| "If ldap_group_nesting_level is set to 0 then no nested groups are "
+#| "processed at all. However, when connected to Active-Directory Server 2008 "
+#| "and later it is furthermore required to disable usage of Token-Groups by "
+#| "setting ldap_use_tokengroups to false."
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
"Falls ldap_group_nesting_level auf 0 gesetzt ist, werden überhaupt keine "
"verschachtelten Gruppen verarbeitet. Es ist außerdem notwendig, für den "
@@ -4636,17 +4981,17 @@ msgstr ""
"auf »falsch« gesetzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "Voreinstellung: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4658,7 +5003,7 @@ msgstr ""
"beschleunigen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
@@ -4668,7 +5013,7 @@ msgstr ""
"Leistungssteigerung."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4679,7 +5024,7 @@ msgstr ""
"»True« eigentlich »auto-detect«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4691,19 +5036,13 @@ msgstr ""
"der <ulink url=\"http://msdn.microsoft.com/en-us/library/windows/desktop/"
"aa746475%28v=vs.85%29.aspx\"> MSDN™-Dokumentation</ulink>."
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr "Voreinstellung: False"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4715,7 +5054,7 @@ msgstr ""
"verschachtelten Gruppen)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
@@ -4725,76 +5064,76 @@ msgstr ""
"und neuere Versionen ausgeführt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr "die Objektklasse eines Netzgruppeneintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_object_class« benutzt "
"werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr "Voreinstellung: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "das LDAP-Attribut, das dem Netzgruppennamen entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_name« benutzt werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "das LDAP-Attribut, das die Namen der Netzgruppenmitglieder enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_member« benutzt werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr "Voreinstellung: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -4802,42 +5141,42 @@ msgstr ""
"enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "Voreinstellung: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr "die Objektklasse eines Diensteintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr "Voreinstellung: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -4845,49 +5184,49 @@ msgstr ""
"das LDAP-Attribut, das die Namen von Dienstattributen und ihre Alias enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "das LDAP-Attribut, das den von diesem Dienst verwalteten Port enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr "Voreinstellung: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
"das LDAP-Attribut, das die von diesem Dienst verstandenen Protokolle enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr "Voreinstellung: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4898,7 +5237,7 @@ msgstr ""
"Ergebnisse zurückgegeben werden (und in den Offline-Modus gegangen wird)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4909,12 +5248,12 @@ msgstr ""
"Zeitüberschreitungspunkten für spezielle Nachschlagetypen ersetzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4926,12 +5265,12 @@ msgstr ""
"(und in den Offline-Modus gegangen wird)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4948,12 +5287,12 @@ msgstr ""
"citerefentry> zurückkehrt, falls keine Aktivität stattfindet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4962,12 +5301,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4981,17 +5320,17 @@ msgstr ""
"Lebensdauer) verwendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr "Voreinstellung: 900 (15 Minuten)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -5001,17 +5340,17 @@ msgstr ""
"pro Anfrage."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr "Voreinstellung: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -5023,7 +5362,7 @@ msgstr ""
"deaktiviert ist oder sich nicht ordnungsgemäß verhält."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -5033,7 +5372,7 @@ msgstr ""
"aber nicht in der Lage, es zu benutzen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -5045,17 +5384,17 @@ msgstr ""
"abgelehnt werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr "ldap_disable_range_retrieval (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr "deaktiviert die Bereichsabfrage von Active Directory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5071,12 +5410,12 @@ msgstr ""
"es so aussehen, als ob große Gruppen keine Mitglieder hätten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -5087,19 +5426,19 @@ msgstr ""
"Werte dieser Option werden durch OpenLDAP definiert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
"Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in "
"»ldap.conf« angegeben)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5111,7 +5450,7 @@ msgstr ""
"nachgeschlagen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -5119,7 +5458,7 @@ msgstr ""
"den Wert auf 0 setzen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -5132,7 +5471,7 @@ msgstr ""
"unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -5143,12 +5482,12 @@ msgstr ""
"Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -5158,7 +5497,7 @@ msgstr ""
"Werte angegeben werden:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -5167,7 +5506,7 @@ msgstr ""
"oder anfordern."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5179,7 +5518,7 @@ msgstr ""
"Sitzung fährt normal fort."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5190,7 +5529,7 @@ msgstr ""
"ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -5201,22 +5540,22 @@ msgstr ""
"sofort beendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = entspricht »demand«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "Voreinstellung: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -5225,7 +5564,7 @@ msgstr ""
"die <command>sssd</command> erkennen wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -5234,12 +5573,12 @@ msgstr ""
"<filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -5253,33 +5592,33 @@ msgstr ""
"Erstellen der korrekten Namen verwendet werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
"gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr "gibt die Datei an, die den Schlüssel des Clients enthält."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5287,12 +5626,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -5301,12 +5640,12 @@ msgstr ""
"\">tls</systemitem> benutzen muss, um den Kanal abzusichern."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5318,19 +5657,19 @@ msgstr ""
"verlassen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-"
"Directory-ObjectSIDs."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr "ldap_min_id, ldap_max_id (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -5349,17 +5688,17 @@ msgstr ""
"Abbildung von IDs wählen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -5368,12 +5707,12 @@ msgstr ""
"GSSAPI getestet und wird unterstützt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -5388,17 +5727,17 @@ msgstr ""
"enthalten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr "Voreinstellung Rechner/MeinRechner@BEREICH"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -5409,17 +5748,17 @@ msgstr ""
"»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr "Voreinstellung: der Wert von »krb5_realm«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -5429,34 +5768,34 @@ msgstr ""
"Bind in eine kanonische Form zu bringen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "Voreinstellung: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "gibt die Keytab an, wenn SASL/GSSAPI benutzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -5467,28 +5806,28 @@ msgstr ""
"ausgewählte Mechnaismus GSSAPI ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
"gibt die Lebensdauer eines TGT in Sekunden an, falls GSSAPI benutzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Voreinstellung: 86400 (24 Stunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5507,7 +5846,7 @@ msgstr ""
"Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5518,7 +5857,7 @@ msgstr ""
"Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -5530,29 +5869,29 @@ msgstr ""
"migrieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "gibt den Kerberos-REALM an (für SASL/GSSAPI-Authentifizierung)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -5562,12 +5901,12 @@ msgstr ""
"Kerberos >= 1.7 verfügbar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr "krb5_use_kdcinfo (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5583,7 +5922,7 @@ msgstr ""
"manvolnum> </citerefentry> einrichten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5594,12 +5933,12 @@ msgstr ""
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -5608,7 +5947,7 @@ msgstr ""
"Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -5617,7 +5956,7 @@ msgstr ""
"kann keine Server-seitigen Passwortregelwerke deaktivieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5628,7 +5967,7 @@ msgstr ""
"manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5640,7 +5979,7 @@ msgstr ""
"Passwort geändert wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
@@ -5650,17 +5989,17 @@ msgstr ""
"festgelegten Regel."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -5669,7 +6008,7 @@ msgstr ""
"mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5683,28 +6022,28 @@ msgstr ""
"merkliche Leistungsverbesserung bringen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "Voreinstellung: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -5713,17 +6052,17 @@ msgstr ""
"soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
@@ -5732,12 +6071,12 @@ msgstr ""
"Passwortänderung mit Unix-Zeit geändert wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5767,12 +6106,12 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "Beispiel:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5784,7 +6123,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
@@ -5793,7 +6132,7 @@ msgstr ""
"beschränkt, deren employeeType-Attribut auf »admin« gesetzt ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5805,17 +6144,17 @@ msgstr ""
"Falls ja, wird weiterhin offline Zugriff gegeben und umgekehrt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr "Voreinstellung: leer"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5824,7 +6163,7 @@ msgstr ""
"Zugriffssteuerungsattribute aktiviert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5835,12 +6174,12 @@ msgstr ""
"einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "Die folgenden Werte sind erlaubt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5849,7 +6188,7 @@ msgstr ""
"»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5862,7 +6201,7 @@ msgstr ""
"gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5873,7 +6212,7 @@ msgstr ""
"Zugriff erlaubt wird oder nicht."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5886,7 +6225,7 @@ msgstr ""
"Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5897,24 +6236,24 @@ msgstr ""
"»ldap_account_expire_policy« funktioniert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"durch Kommata getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte "
"sind erlaubt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5924,14 +6263,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5944,12 +6283,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5959,7 +6298,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5969,20 +6308,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5991,19 +6330,19 @@ msgstr ""
"»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, "
"ob Zugriff gewährt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Voreinstellung: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -6012,12 +6351,12 @@ msgstr ""
"mehr als einmal benutzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -6026,22 +6365,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -6050,12 +6389,12 @@ msgstr ""
"folgenden Optionen sind erlaubt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -6065,7 +6404,7 @@ msgstr ""
"Suche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -6074,7 +6413,7 @@ msgstr ""
"der Suche dereferenziert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -6083,7 +6422,7 @@ msgstr ""
"Orten des Basisobjekts der Suche dereferenziert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -6092,12 +6431,12 @@ msgstr ""
"<emphasis>never</emphasis> gehandhabt.)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
@@ -6106,7 +6445,7 @@ msgstr ""
"beizubehalten, die das Schema RFC2307 benutzen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -6124,7 +6463,7 @@ msgstr ""
"getpw*() oder initgroups() abzurufen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -6135,26 +6474,26 @@ msgstr ""
"die lokalen Benutzer um zusätzliche LDAP-Gruppen erweitert werden."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -6174,12 +6513,12 @@ msgstr ""
"type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr "SUDO-OPTIONEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -6190,52 +6529,52 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr "die Objektklasse eines Sudo-Regeleintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr "Voreinstellung: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "das LDAP-Attribut, das dem Namen der Sudo-Regel entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr "das LDAP-Attribut, das dem Namen des Befehls entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr "Voreinstellung: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -6244,17 +6583,17 @@ msgstr ""
"Netzwerk oder des Netzwerkgruppe des Rechners) entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr "Voreinstellung: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -6263,32 +6602,32 @@ msgstr ""
"oder der Netzwerkgruppe des Benutzers) entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr "Voreinstellung: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "das LDAP-Attribut, das den Sudo-Optionen entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr "Voreinstellung: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -6297,17 +6636,17 @@ msgstr ""
"ausgeführt werden können"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr "Voreinstellung: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -6316,17 +6655,17 @@ msgstr ""
"worunter Befehle ausgeführt werden können"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr "Voreinstellung: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -6335,17 +6674,17 @@ msgstr ""
"Sudo-Regel gültig wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr "Voreinstellung: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -6354,32 +6693,32 @@ msgstr ""
"der die Sudo-Regel nicht länger gültig ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr "Voreinstellung: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "das LDAP-Attribut, das dem Reihenfolgenindex der Regel entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr "Voreinstellung: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
@@ -6389,7 +6728,7 @@ msgstr ""
"heruntergeladen werden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -6398,17 +6737,17 @@ msgstr ""
"emphasis> sein."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr "Voreinstellung: 21600 (6 Stunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -6419,7 +6758,7 @@ msgstr ""
"höchste USN der zwischengespeicherten Regeln haben, heruntergeladen werden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
@@ -6428,12 +6767,12 @@ msgstr ""
"das Attribut »modifyTimestamp« benutzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -6443,12 +6782,12 @@ msgstr ""
"Netzwerkadressen und Rechnernamen)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -6457,7 +6796,7 @@ msgstr ""
"Domain-Namen, die zum Filtern der Regeln benutzt werden sollen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
@@ -6466,8 +6805,8 @@ msgstr ""
"voll qualifizierten Domain-Namen automatisch herauszufinden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -6476,17 +6815,17 @@ msgstr ""
"emphasis> ist, hat diese Option keine Auswirkungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr "Voreinstellung: nicht angegeben"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -6495,7 +6834,7 @@ msgstr ""
"Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -6504,12 +6843,12 @@ msgstr ""
"herauszufinden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "ldap_sudo_include_netgroups (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
@@ -6518,12 +6857,12 @@ msgstr ""
"eine Netzgruppe im Attribut »sudoHost« enthält."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
@@ -6532,7 +6871,7 @@ msgstr ""
"einen Platzhalter im Attribut »sudoHost« enthält."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6545,71 +6884,71 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr "AUTOFS-OPTIONEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr "ldap_autofs_map_master_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr "Der Name der Automount-Master-Abbildung in LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr "Voreinstellung: auto.master"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr "die Objektklasse eines Automount-Abbildungseintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr "Voreinstellung: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr "der Name eines Automount-Abbildungseintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr "Voreinstellung: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
#, fuzzy
#| msgid ""
#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
@@ -6622,19 +6961,19 @@ msgstr ""
"Eintrag einem Einhängepunkt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: automountMap"
msgid "Default: automount"
msgstr "Voreinstellung: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -6643,24 +6982,24 @@ msgstr ""
"Eintrag einem Einhängepunkt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr "Voreinstellung: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr "Voreinstellung: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6673,32 +7012,32 @@ msgstr ""
"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "ERWEITERTE OPTIONEN"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -6707,22 +7046,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -6731,7 +7070,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6742,7 +7081,7 @@ msgstr ""
"gesetzt ist."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6755,26 +7094,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6790,13 +7129,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "ANMERKUNGEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6837,11 +7176,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -6853,22 +7193,22 @@ msgstr ""
"Fertigkeit LOG_AUTHPRIV protokolliert."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr "unterdrückt Protokollnachrichten für unbekannte Benutzer"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -6878,12 +7218,12 @@ msgstr ""
"es nutzen können."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -6895,12 +7235,12 @@ msgstr ""
"ungeeignet ist, wird dem Benutzer der Zugriff verwehrt."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -6910,12 +7250,12 @@ msgstr ""
"bereitgestellt wird."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -6924,7 +7264,7 @@ msgstr ""
"gefragt, falls die Authentifizierung fehlschlägt. Voreinstellung ist 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6936,12 +7276,12 @@ msgstr ""
"<option>PasswordAuthentication</option>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr "<option>ignore_unknown_user</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
@@ -6951,12 +7291,12 @@ msgstr ""
"Framework dieses Modul ignoriert."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr "<option>ignore_authinfo_unavail</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
@@ -6966,12 +7306,12 @@ msgstr ""
"Framework dieses Modul ignoriert."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -6979,7 +7319,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -6988,13 +7328,46 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr "BEREITGESTELLTE MODULTYPEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -7004,12 +7377,12 @@ msgstr ""
"bereitgestellt."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "DATEIEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -7021,7 +7394,7 @@ msgstr ""
"Anweisungen enthalten, wie ein Passwort zurückgesetzt wird."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -7041,7 +7414,7 @@ msgstr ""
"Leserechte haben dürfen."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -7253,7 +7626,7 @@ msgstr ""
"Lokale Gruppen werden nicht ausgewertet."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7458,18 +7831,25 @@ msgstr ""
"zu identifizieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:119
+#, fuzzy
+#| msgid ""
+#| "Optional. This option tells SSSD to automatically update the DNS server "
+#| "built into FreeIPA v2 with the IP address of this client. The update is "
+#| "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
+#| "for the updates, if it is not otherwise specified by using the "
+#| "<quote>dyndns_iface</quote> option."
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
"optional. Diese Option teilt SSSD mit, dass es den in FreeIPA v2 eingebauten "
"DNS-Server mit der IP-Adresse dieses Clients aktualisieren soll. Die "
@@ -7478,7 +7858,7 @@ msgstr ""
"»dyndns_iface« keine andere angegeben wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -7500,12 +7880,12 @@ msgstr ""
"Konfigurationsdatei migrieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -7534,12 +7914,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Voreinstellung: 1200 (Sekunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
#, fuzzy
#| msgid ""
#| "Optional. Applicable only when dyndns_update is true. Choose the "
@@ -7576,7 +7956,7 @@ msgid ""
msgstr "Voreinstellung: verwendet die IP-Adresse der IPA-LDAP-Verbindung"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -7586,7 +7966,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr "aktiviert DNS-Sites – standortbasierte Dienstsuche"
@@ -7611,12 +7991,12 @@ msgstr ""
"gefundenen als Sicherungsserver."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -7627,12 +8007,12 @@ msgstr ""
"Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -7657,12 +8037,12 @@ msgid "Default: False (disabled)"
msgstr "Voreinstellung: False (deaktiviert)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -7671,40 +8051,40 @@ msgstr ""
"DNS-Server verwenden soll"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
#| msgid "dyndns_iface (string)"
msgid "dyndns_server (string)"
msgstr "dyndns_iface (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
#, fuzzy
#| msgid "Default: False (let nsupdate choose the protocol)"
msgid "Default: None (let nsupdate choose the server)"
@@ -7829,7 +8209,7 @@ msgstr ""
"prüft mit Hilfe von »krb5_keytab«, ob das erhaltene TGT keine Täuschung ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7925,26 +8305,26 @@ msgstr ""
"Verwendung dieser Option ein Konfigurationsfehler."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -7966,7 +8346,7 @@ msgstr ""
"Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr "Voreinstellung: 5 (Sekunden)"
@@ -8296,17 +8676,23 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
+#, fuzzy
+#| msgid ""
+#| "The AD provider is able to provide identity information and "
+#| "authentication for entities from trusted domains as well. Currently only "
+#| "trusted domains in the same forest are recognized."
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
"Der AD-Anbieter stellt Identitätsinformationen bereit und ermöglicht die "
"Authentifizierung für Einträge in vertrauenswürdigen Domains. Derzeit werden "
"nur vertrauenswürdige Domains im gleichen Wald unterstützt."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -8321,11 +8707,16 @@ msgstr ""
"citerefentry> benutzt werden, mit einigen unten beschriebenen Ausnahmen."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "The AD provider can also be used as an access, chpass and sudo provider. "
+#| "No configuration of the access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
"Allerdings ist es weder notwendig noch empfehlenswert, diese Optionen zu "
"setzen. Der AD-Anbieter kann auch als Anbieter für »access«, »chpass« und "
@@ -8333,7 +8724,7 @@ msgstr ""
"Zugriffs-Anbieters erforderlich."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -8343,7 +8734,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -8365,7 +8756,7 @@ msgstr ""
"Globalen Katalog repliziert werden."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -8376,12 +8767,12 @@ msgstr ""
"Implementation in Active Directory zu gewährleisten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr "ad_domain (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -8390,7 +8781,7 @@ msgstr ""
"nicht angegeben, wird der Name der konfigurierten Domain benutzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -8400,7 +8791,7 @@ msgstr ""
"angegeben werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
@@ -8409,18 +8800,23 @@ msgstr ""
"SSSD automatisch ermittelt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
+#, fuzzy
+#| msgid ""
+#| "The comma-separated list of hostnames of the AD servers to which SSSD "
+#| "should connect in order of preference. For more information on failover "
+#| "and server redundancy, see the <quote>FAILOVER</quote> section. This is "
+#| "optional if autodiscovery is enabled. For more information on service "
+#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
"Die durch Kommata getrennte Liste von Rechnernamen der AD-Server in der "
"Reihenfolge, in der sich SSSD mit ihnen verbinden soll. Weitere "
@@ -8428,13 +8824,27 @@ msgstr ""
"»AUSFALLSICHERUNG«. Falls automatisches Auffinden aktiviert ist, ist dies "
"optional. Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr "ad_hostname (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -8445,7 +8855,7 @@ msgstr ""
"werden, um sie zu identifizieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -8455,12 +8865,12 @@ msgstr ""
"ausgegeben wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr "ad_enable_dns_sites (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -8478,12 +8888,12 @@ msgstr ""
"Aufdeckung verwendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr "ad_access_filter (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -8496,7 +8906,7 @@ msgstr ""
"quote> gesetzt werden muss, damit sie wirksam ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -8509,7 +8919,7 @@ msgstr ""
"<quote>FOREST</quote> sein oder auch weggelassen werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -8523,7 +8933,7 @@ msgstr ""
"<quote>NAME</quote> angegeben ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
@@ -8532,7 +8942,7 @@ msgstr ""
"so wie es auch in Suchmaschinen üblich ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -8546,7 +8956,7 @@ msgstr ""
"der erste verwendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -8570,29 +8980,29 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr "Voreinstellung: Nicht gesetzt"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr "ad_enable_gc (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -8606,7 +9016,7 @@ msgstr ""
"dem LDAP-Port des aktuellen Servers."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -8621,12 +9031,12 @@ msgstr ""
"können."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr "ad_gpo_access_control (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -8640,7 +9050,7 @@ msgstr ""
"auf <quote>ad</quote> gesetzt werden muss, damit sie wirksam ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
@@ -8650,7 +9060,7 @@ msgstr ""
"anmelden darf."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -8673,12 +9083,12 @@ msgstr ""
"»enforcing« gesetzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr "Für diese Option werden drei Werte unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
@@ -8686,14 +9096,14 @@ msgstr ""
"deren Anwendung erzwungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
"enforcing: GPO-basierte Zugriffskontrollregeln werden sowohl ausgewertet als "
"auch deren Anwendung erzwungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -8705,22 +9115,22 @@ msgstr ""
"verweigert werden würde, wenn die Option auf »enforcing« gesetzt wäre."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr "Voreinstellung: permissive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -8728,12 +9138,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -8741,14 +9151,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -8756,7 +9166,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8768,53 +9178,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -8822,7 +9257,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -8830,7 +9265,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -8838,7 +9273,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8850,17 +9285,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -8868,7 +9308,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -8876,7 +9316,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -8884,7 +9324,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8896,22 +9336,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -8919,14 +9359,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -8934,7 +9374,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8946,17 +9386,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -8964,14 +9404,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -8979,7 +9419,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8990,19 +9430,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9010,7 +9450,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9022,34 +9462,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -9057,12 +9502,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9075,52 +9520,94 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Voreinstellung: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Voreinstellung: 86400 (24 Stunden)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -9138,12 +9625,12 @@ msgstr ""
"»dyndns_iface« angegeben wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr "Voreinstellung: 3600 (Sekunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
#, fuzzy
#| msgid "Default: Use the IP address of the AD LDAP connection"
msgid ""
@@ -9152,17 +9639,17 @@ msgid ""
msgstr "Voreinstellung: verwendet die IP-Adresse der AD-LDAP-Verbindung"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Voreinstellung: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -9172,7 +9659,7 @@ msgstr ""
"Abschnitt 5 von RFC 6806."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9184,7 +9671,7 @@ msgstr ""
"Optionen von AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -9208,7 +9695,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -9220,7 +9707,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -9231,7 +9718,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -9240,6 +9727,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -9834,7 +10329,7 @@ msgstr ""
"gelesen."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9908,17 +10403,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -9926,52 +10426,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_WERT</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+#, fuzzy
+#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr "<option>--setattr</option> <replaceable>ATTR_NAME_WERT</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9979,29 +10517,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -10009,43 +10547,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-#, fuzzy
-#| msgid "print properties of a group"
-msgid "Override attributes of a group."
-msgstr "gibt die Eigenschaften einer Gruppe aus."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_WERT</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -10053,43 +10624,43 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "SUDO OPTIONS"
msgid "COMMON OPTIONS"
msgstr "SUDO-OPTIONEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
#, fuzzy
#| msgid "This option is not available in IPA provider."
msgid "Those options are available with all commands."
msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
@@ -11482,6 +12053,47 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
+#| "replaceable>"
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>Gruppe</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+#, fuzzy
+#| msgid "Invalidate all cached entries except for sudo rules."
+msgid "Invalidate particular sudo rule."
+msgstr ""
+"annulliert alle zwischengespeicherten Einträge mit Ausnahme von Sudo-Regeln."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--no-remove</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-R</option>,<option>--no-remove</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+"annulliert alle Benutzerdatensätze. Diese Option setzt das Annullieren "
+"bestimmter Benutzer außer Kraft, falls es ebenfalls gesetzt war."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -11490,7 +12102,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr "begrenzt den Annullierungsprozess auf eine bestimmte Domain."
@@ -12054,13 +12666,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:41
+#, fuzzy
+#| msgid ""
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use "
+#| "<command>sss_ssh_authorizedkeys</command> for public key user "
+#| "authentication if it is compiled with support for either "
+#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
+#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+#| "manvolnum></citerefentry> options."
msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> kann so konfiguriert werden, dass es "
@@ -12071,7 +12692,7 @@ msgstr ""
"citerefentry> kompiliert wurde."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -12079,7 +12700,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -12089,31 +12710,8 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-"Falls »PubkeyAgent« unterstützt wird, kann "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> durch Setzen der folgenden Richtlinie in <citerefentry> "
-"<refentrytitle>sshd_config</refentrytitle> <manvolnum>5</manvolnum></"
-"citerefentry> zu seiner Verwendung konfiguriert werden: <placeholder type="
-"\"programlisting\" id=\"0\"/>"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -12121,12 +12719,12 @@ msgstr ""
"<replaceable>DOMAIN</replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr "EXIT-STATUS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -12651,7 +13249,7 @@ msgstr ""
"kleiner oder gleich »ldap_idmap_range_min« sein sollte."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr "Voreinstellung: 200000"
@@ -12719,17 +13317,23 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:179
+#, fuzzy
+#| msgid ""
+#| "For example, if your most recently-added Active Directory user has "
+#| "objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+#| "<quote>ldap_idmap_range_size</quote> must be at least 1107."
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
"Wenn beispielsweise der zuletzt hinzugefügte Active-Directory-Benutzer "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107 hat, muss "
"<quote>ldap_idmap_range_size</quote> mindestens 1107 sein."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -12740,12 +13344,12 @@ msgstr ""
"können Benutzer andere lokale IDs als vorher haben."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (Zeichenkette)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -12756,22 +13360,22 @@ msgstr ""
"der oben beschriebene Murmurhash-Algorithmus umgangen."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (Zeichenkette)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr "gibt den Namen der Standard-Domain an."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (Boolesch)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -12780,7 +13384,7 @@ msgstr ""
"Algorithmus »idmap_autorid« von Winbind ähnlicher ist."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -12789,7 +13393,7 @@ msgstr ""
"null reserviert und gleichmäßig mit jeder zusätzlichen Domain vergrößert."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -12804,13 +13408,36 @@ msgstr ""
"»ldap_idmap_default_domain_sid« zu verwenden. Dies soll sicherstellen, dass "
"mindestens eine Domain beständig für den Slice null reserviert ist."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_idmap_range_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_idmap_range_size (Ganzzahl)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr "Bekannte Sicherheits-IDs"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -12824,7 +13451,7 @@ msgstr ""
"Objekte keine POSIX-IDs verfügbar."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
@@ -12833,37 +13460,37 @@ msgstr ""
"Domains betrachtet werden können. Die Autoritäten für die bekannten SIDs sind"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr "Null-Autorität (Null Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr "Weltweit anerkannte Autorität (World Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr "Lokale Autorität (Local Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr "Ersteller-Autorität (Creator Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr "NT-Autorität (NT Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr "Eingebaut"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
@@ -12873,7 +13500,7 @@ msgstr ""
"Sicherheits-ID zurückgegeben wird."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
@@ -13358,3 +13985,21 @@ msgstr "Voreinstellung: /home"
#~ msgid "Default: ou"
#~ msgstr "Voreinstellung: ou"
+
+#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+
+#~ msgid ""
+#~ "If <quote>PubkeyAgent</quote> is supported, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> can be configured to use it by using the "
+#~ "following directive for <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
+#~ msgstr ""
+#~ "Falls »PubkeyAgent« unterstützt wird, kann "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> durch Setzen der folgenden Richtlinie in "
+#~ "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+#~ "manvolnum></citerefentry> zu seiner Verwendung konfiguriert werden: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
diff --git a/src/man/po/es.po b/src/man/po/es.po
index ade40282a..6d8351dbd 100644
--- a/src/man/po/es.po
+++ b/src/man/po/es.po
@@ -15,7 +15,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/"
@@ -25,7 +25,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -71,7 +71,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -92,11 +92,11 @@ msgstr ""
"indicados en la línea de comandos."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPCIONES"
@@ -251,63 +251,79 @@ msgstr "debug_level (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Predeterminado: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Predeterminado: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
@@ -315,33 +331,34 @@ msgstr ""
"Tiempo de espera en segundos entre latidos para este servicio. Esto se usa "
"para asegurar que el proceso está vivo y capaz de responder peticiones."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Predeterminado: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "SECCIONES ESPECIALES"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "La sección [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Parámetros de sección"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -350,12 +367,12 @@ msgstr ""
"posteriores utilizan una versión 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "servicios"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -363,7 +380,7 @@ msgstr ""
"enciende sssd."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -372,12 +389,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -386,17 +403,17 @@ msgstr ""
"de datos del proveedor, o de reiniciarse antes de abandonar"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Predeterminado: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "dominios"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -406,12 +423,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
@@ -420,7 +437,7 @@ msgstr ""
"contiene el nombre de usuario y el dominio en estos componentes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -431,12 +448,12 @@ msgstr ""
"DOMAIN SECTIONS para más información sobre estas expresiones regulares."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -444,46 +461,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
@@ -492,12 +509,12 @@ msgstr ""
"SECCIONES DOMINIO para más información sobre esta opción."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (boolean)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -510,7 +527,7 @@ msgstr ""
"segundos en caso que inotify no pueda ser utilizado."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -521,7 +538,7 @@ msgstr ""
"'false' "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -530,7 +547,7 @@ msgstr ""
"en el resto de las plataformas."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -540,12 +557,12 @@ msgstr ""
"utilizada siempre."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -554,7 +571,7 @@ msgstr ""
"reproducción de cache de Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -564,7 +581,7 @@ msgstr ""
"de respuesta."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -573,29 +590,29 @@ msgstr ""
"tiempo. (si no se configura __LIBKRB5_DEFAULTS__)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -611,7 +628,7 @@ msgstr ""
"usuario sin dar también un nombre de dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -621,20 +638,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr "Predeterminado: no definido"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -644,7 +661,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -653,12 +670,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "certificate_verification (string)"
+msgstr "re_expression (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+#, fuzzy
+#| msgid "These options can be used to configure the PAC responder."
+msgid "This option must be used together with ocsp_default_responder."
+msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+#, fuzzy
+#| msgid "Default: not set, i.e. service discovery is disabled"
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado."
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -675,12 +783,12 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "SECCIONES DE SERVICIOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -693,22 +801,22 @@ msgstr ""
"<quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "Opciones de configuración de servicios generales"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -723,17 +831,17 @@ msgstr ""
"valor más bajo de este o de limite “hard” en limits.conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr "Por defecto: 8192 (o limite “hard” en limits.conf)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -745,19 +853,19 @@ msgstr ""
"sistema."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Predeterminado: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr "force_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -772,12 +880,12 @@ msgstr ""
"una señal SIGKILL."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -785,89 +893,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "Predeterminado: none"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr "Opciones de configuración de NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -875,12 +931,12 @@ msgstr ""
"Switch (NSS)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -889,17 +945,17 @@ msgstr ""
"sobre todos los usuarios)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Predeterminado: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -910,7 +966,7 @@ msgstr ""
"valor de entry_cache_timeout para el dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -926,7 +982,7 @@ msgstr ""
"actualización del cache."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -939,17 +995,17 @@ msgstr ""
"segundos. (0 deshabilita esta función)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "Predeterminado: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -960,22 +1016,55 @@ msgstr ""
"entradas no existentes) antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Predeterminado: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "autofs_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "autofs_negative_timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+#, fuzzy
+#| msgid ""
+#| "Specifies for how many seconds nss_sss should cache negative cache hits "
+#| "(that is, queries for invalid database entries, like nonexistent ones) "
+#| "before asking the back end again."
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+"Especifica por cuantos segundos nss_sss escondería golpes negativos al cache "
+"(esto es, consultas para entradas no válidas a la base de datos, como "
+"entradas no existentes) antes de preguntar al punto final otra vez."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Predeterminado: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+#, fuzzy
+#| msgid ""
+#| "Exclude certain users from being fetched from the sss NSS database. This "
+#| "is particularly useful for system accounts. This option can also be set "
+#| "per-domain or include fully-qualified names to filter only users from the "
+#| "particular domain."
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
"Excluye ciertos usuarios de ser exagerados por la base de datos sss NSS. "
"Esto es particularmente útil para cuentas de sistema. Esta opción puede ser "
@@ -983,17 +1072,26 @@ msgstr ""
"filtrar sólo usuario de un dominio concreto."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Predeterminado: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -1001,12 +1099,12 @@ msgstr ""
"opción a false."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -1015,7 +1113,7 @@ msgstr ""
"especificado una explícitamente por el proveedor de datos del dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -1023,7 +1121,7 @@ msgstr ""
"override_homedir."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -1033,24 +1131,24 @@ msgstr ""
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
"Por defecto: no fijado (sin sustitución para los directorios home no fijados)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr "override_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -1058,17 +1156,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr "Por defecto: no fijado (SSSD usará el valor recuperado desde LDAP)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr "allowed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -1076,12 +1174,12 @@ msgstr ""
"evaluación es:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr "1. Si el shell está presente en <quote>/etc/shells</quote>, se usa."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -1090,7 +1188,7 @@ msgstr ""
"shells</quote>, usa el valor del parámetro shell_fallback."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -1099,12 +1197,12 @@ msgstr ""
"shells</quote>, se usará un shell de no acceso."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1112,12 +1210,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr "Una cadena vacía para el shell se pasa como-es a libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -1127,27 +1225,27 @@ msgstr ""
"una nueva shell."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr "Por defecto: No fijado. La shell del usuario se usa automáticamente."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "Reemplaza cualquier instancia de estos shells con shell_fallback"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr "shell_fallback (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -1155,24 +1253,24 @@ msgstr ""
"máquina."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "Predeterminado: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
@@ -1182,12 +1280,12 @@ msgstr ""
"normalmente /bin/sh)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
@@ -1196,31 +1294,42 @@ msgstr ""
"considerada válida."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
+#, fuzzy
+#| msgid ""
+#| "Specifies time in seconds for which records in the in-memory cache will "
+#| "be valid"
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
"Especifica el tiempo en segundos durante el cual los archivos en el "
"escondrijo en memoria serán válidos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Predeterminado: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1231,24 +1340,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr "Opciones de configuración PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1257,12 +1366,12 @@ msgstr ""
"Authentication Module (PAM)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1271,17 +1380,17 @@ msgstr ""
"los accesos escondidos (en días desde el último login en línea con éxito)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Predeterminado: 0 (Sin límite)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1290,12 +1399,12 @@ msgstr ""
"login fallados están permitidos."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1305,7 +1414,7 @@ msgstr ""
"intento de login sea posible."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1316,17 +1425,17 @@ msgstr ""
"éxito puede habilitar otra vez la autenticación fuera de línea."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Predeterminado: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1335,44 +1444,44 @@ msgstr ""
"autenticación. Cuanto mayor sea el número de mensajes más aparecen."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr "Actualmente sssd soporta los siguientes valores:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: mostrar todos los mensajes e información de "
"depuración"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Predeterminado: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1384,7 +1493,7 @@ msgstr ""
"información más actual."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1398,17 +1507,17 @@ msgstr ""
"proveedor de identidad."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr "Mostrar una advertencia N días antes que la contraseña caduque."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1419,7 +1528,7 @@ msgstr ""
"información desaparece, sssd no podrá mostrar un aviso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
@@ -1429,7 +1538,7 @@ msgstr ""
"automáticamente."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
@@ -1437,106 +1546,185 @@ msgstr ""
"Este ajuste puede ser anulado por el ajuste "
"<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto."
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Predeterminado: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the PAC responder. User names are resolved to UIDs at "
+#| "startup."
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
+"Especifica la lista separada por comas de los valores UID o nombres de "
+"usuario que tiene el acceso permitido al respondedor PAC."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "Predeterminado: none"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+#, fuzzy
+#| msgid "ldap_ns_account_lock (string)"
+msgid "pam_account_locked_message (string)"
+msgstr "ldap_ns_account_lock (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerar (bool)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr "Por defecto: False"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "ipa_hbac_search_base (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "pam_id_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr "SUDO opciones de configuración"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1547,12 +1735,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr "sudo_timed (booleano)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1561,22 +1749,22 @@ msgstr ""
"entradas de sudoers dependientes del tiempo."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr "Opciones de configuración AUTOFS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr "Estas opciones pueden ser usadas para configurar el servicio autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1587,22 +1775,22 @@ msgstr ""
"existentes) antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr "Opciones de configuración SSH"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr "Estas opciones se pueden usar para configurar el servicio SSH."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (booleano)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
@@ -1611,12 +1799,12 @@ msgstr ""
"known_host. "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
@@ -1625,38 +1813,38 @@ msgstr ""
"después de que se hayan pedido sus claves de host."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr "Por defecto: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "Predeterminado: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr "Opciones de configuración del respondedor PAC"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1675,7 +1863,7 @@ msgstr ""
"siguientes operaciones:"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1686,24 +1874,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1713,14 +1901,14 @@ msgstr ""
"usuario que tiene el acceso permitido al respondedor PAC."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
"Por defecto: 0 (sólo el usuario root tiene permitido el acceso al "
"respondedor PAC)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1732,18 +1920,32 @@ msgstr ""
"respondedor PAC, que sería el caso típico, usted tiene que añadir 0 a la "
"lista de UIDs permitidas también."
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "SECCIONES DE DOMINIO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr "min_id, max_id (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1752,7 +1954,7 @@ msgstr ""
"está fuera de estos límites, ésta es ignorada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1765,24 +1967,24 @@ msgstr ""
"reportados como en espera."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerar (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1791,22 +1993,22 @@ msgstr ""
"de los siguientes valores:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = Usuarios y grupos son enumerados"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = Sin enumeraciones para este dominio"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Predeterminado: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1826,7 +2028,7 @@ msgstr ""
"las afiliaciones deben ser recalculadas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1836,7 +2038,7 @@ msgstr ""
"completen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1850,7 +2052,7 @@ msgstr ""
"específico id_provider en uso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
@@ -1859,32 +2061,32 @@ msgstr ""
"especialmente en entornos grandes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1893,12 +2095,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1907,7 +2109,7 @@ msgstr ""
"volver a consultar al backend"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1918,17 +2120,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Predeterminado: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -1937,19 +2139,19 @@ msgstr ""
"antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr "Por defecto: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -1958,12 +2160,12 @@ msgstr ""
"antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -1972,12 +2174,12 @@ msgstr ""
"válidas antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -1986,12 +2188,12 @@ msgstr ""
"antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
@@ -2000,12 +2202,12 @@ msgstr ""
"preguntar al backend otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
@@ -2014,71 +2216,71 @@ msgstr ""
"automontaje válidos antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr "cache_credentials (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Determina si las credenciales del usuario están también escondidas en el "
"cache LDB local"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Las credenciales de usuario son almacenadas en un hash SHA512, no en texto "
"plano"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -2086,24 +2288,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -2116,17 +2318,17 @@ msgstr ""
"grande o igual que offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Predeterminado: 0 (ilimitado)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2139,17 +2341,17 @@ msgstr ""
"configurar un proveedor de autorización para el backend."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "Por defecto: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -2157,17 +2359,17 @@ msgstr ""
"soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "<quote>proxy</quote>: Soporta un proveedor NSS legado"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr "<quote>local</quote>: Proveedor interno SSSD para usuarios locales"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2178,8 +2380,8 @@ msgstr ""
"información sobre la configuración de LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2192,8 +2394,8 @@ msgstr ""
"configuración de FreeIPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2205,12 +2407,12 @@ msgstr ""
"Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -2220,7 +2422,7 @@ msgstr ""
"NSS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2234,7 +2436,7 @@ msgstr ""
"command> lo haría."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2242,22 +2444,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr "No devuelve miembros de grupo para búsquedas de grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2269,7 +2471,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2277,12 +2479,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -2291,7 +2493,7 @@ msgstr ""
"autenticación soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2302,7 +2504,7 @@ msgstr ""
"citerefentry> para más información sobre la configuración LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2313,7 +2515,7 @@ msgstr ""
"citerefentry> para más información sobre la configuración de Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
@@ -2321,12 +2523,12 @@ msgstr ""
"objetivo PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> deshabilita la autenticación explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2335,12 +2537,12 @@ msgstr ""
"manejar las peticiones de autenticación."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2351,7 +2553,7 @@ msgstr ""
"proveedores especiales internos son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -2360,12 +2562,12 @@ msgstr ""
"sólo permitido para un dominio local."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> siempre niega el acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2378,17 +2580,44 @@ msgstr ""
"configuración del módulo de acceso sencillo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+#, fuzzy
+#| msgid ""
+#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring Kerberos."
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"<quote>krb5</quote> para autenticación Kerberos. Vea <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> para más información sobre la configuración de Kerberos."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+#, fuzzy
+#| msgid ""
+#| "<quote>proxy</quote> for relaying password changes to some other PAM "
+#| "target."
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+"<quote>proxy</quote> para la reinstalación de cambios de password en algunos "
+"otros objetivos PAM."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "Predeterminado: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr "chpass_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2397,7 +2626,7 @@ msgstr ""
"el dominio. Los proveedores de cambio de passweord soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2409,7 +2638,7 @@ msgstr ""
"configurar LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2420,7 +2649,7 @@ msgstr ""
"citerefentry> para más información sobre configurar Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -2428,13 +2657,13 @@ msgstr ""
"otros objetivos PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
"<quote>none</quote> deniega explícitamente los cambios en la contraseña."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2443,18 +2672,18 @@ msgstr ""
"puede manejar las peticiones de cambio de password."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr "sudo_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2465,33 +2694,33 @@ msgstr ""
"citerefentry> para más información sobre la configuración LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote>deshabilita SUDO explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Por defecto: el valor de <quote>id_provider</quote> se usa si está fijado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2502,12 +2731,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr "selinux_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2518,7 +2747,7 @@ msgstr ""
"finalice. Los proveedores selinux soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2530,14 +2759,14 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
"<quote>none</quote> deshabilita ir a buscar los ajustes selinux "
"explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
@@ -2546,12 +2775,12 @@ msgstr ""
"manejar las peticiones de carga selinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
@@ -2561,7 +2790,7 @@ msgstr ""
"soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2573,7 +2802,7 @@ msgstr ""
"configuración de IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2582,18 +2811,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
"<quote>none</quote> deshabilita el buscador de subdominios explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr "autofs_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2601,7 +2830,7 @@ msgstr ""
"son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2613,7 +2842,7 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2625,17 +2854,34 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+"<quote>ipa</quote> para cargar mapas almacenados en un servidor IPA. Vea "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> para más información sobre la configuración de "
+"IPA."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "<quote>none</quote> deshabilita autofs explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr "hostid_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2644,7 +2890,7 @@ msgstr ""
"proveedores de hostid soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2656,12 +2902,12 @@ msgstr ""
"configuración de IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "<quote>none</quote> deshabilita hostid explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2671,7 +2917,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2684,22 +2930,22 @@ msgstr ""
"nombres de usuario:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr "nombre de usuario"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr "username@domain.name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr "dominio/nombre_de_usuario"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
@@ -2709,7 +2955,7 @@ msgstr ""
"dominios Windows."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2720,7 +2966,7 @@ msgstr ""
"el nombre, el dominio es el resto detrás de este signo\""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2732,7 +2978,7 @@ msgstr ""
"subplantillas sin nombre único."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2741,17 +2987,17 @@ msgstr ""
"soportan la sintaxis Python (?P&lt;name&gt;) para identificar subpatrones."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Predeterminado: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2760,42 +3006,42 @@ msgstr ""
"a usar cuando se lleven a cabo búsquedas DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "Valores soportados:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "Predeterminado: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2806,18 +3052,18 @@ msgstr ""
"espera, el dominio continuará operativo en modo fuera de línea."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Predeterminado: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2826,53 +3072,53 @@ msgstr ""
"de dominio de la pregunta al descubridor de servicio DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Predeterminado: Utilizar la parte del dominio del nombre de host del equipo"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr "override_gid (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr "Anula el valor primario GID con el especificado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2880,7 +3126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2888,46 +3134,87 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
-msgstr "proxy_fast_alias (booleano)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
-"Cuando un usuario o grupo es buscado por nombre en el proveedor proxy, una "
-"segunda búsqueda por ID es llevada a cabo para “estandarizar” el nombre en "
-"el caso de que el nombre pedido fuera un alias. Fijando esta opción a true "
-"se causaría que SSSD lleve a cabo una búsqueda de ID desde el escondrijo por "
-"razones de rendimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+#, fuzzy
+#| msgid "This option is not available in IPA provider."
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr "Esta opción no está disponible en el proveedor IPA."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2937,7 +3224,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
@@ -2945,30 +3232,30 @@ msgstr ""
"emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "Por defecto: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "memcache_timeout (int)"
msgid "cached_auth_timeout (int)"
msgstr "memcache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2976,12 +3263,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2989,7 +3276,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3001,17 +3288,17 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr "El proxy de destino PAM próximo a."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -3020,12 +3307,12 @@ msgstr ""
"pam existente o crear una nueva y añadir el nombre de servicio aquí."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3035,8 +3322,27 @@ msgstr ""
"NSS buscadas dentro de la librería están el formato de _nss_$(libName)_"
"$(function), por ejemplo _nss_files_getpwent."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (booleano)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+"Cuando un usuario o grupo es buscado por nombre en el proveedor proxy, una "
+"segunda búsqueda por ID es llevada a cabo para “estandarizar” el nombre en "
+"el caso de que el nombre pedido fuera un alias. Fijando esta opción a true "
+"se causaría que SSSD lleve a cabo una búsqueda de ID desde el escondrijo por "
+"razones de rendimiento."
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -3045,12 +3351,12 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr "La sección de dominio local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -3061,29 +3367,29 @@ msgstr ""
"utiliza <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"El shell predeterminado para los usuarios creados con herramientas de "
"espacio de usuario SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Predeterminado: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -3093,17 +3399,17 @@ msgstr ""
"de inicio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "Predeterminado: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -3112,17 +3418,17 @@ msgstr ""
"Puede ser anulado desde la línea de comando."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Predeterminado: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -3131,12 +3437,12 @@ msgstr ""
"borrados. Puede ser anulado desde la línea de comando."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3147,17 +3453,17 @@ msgstr ""
"predeterminados en un directorio de inicio recién creado."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Predeterminado: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -3170,17 +3476,17 @@ msgstr ""
"<manvolnum>8</manvolnum></citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Predeterminado: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -3191,17 +3497,17 @@ msgstr ""
"Si no se especifica, se utiliza un valor por defecto."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Predeterminado: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -3212,19 +3518,19 @@ msgstr ""
"único parámetro. El código de retorno del comando no es tenido en cuenta."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "Predeterminado: None, no se ejecuta comando"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "EJEMPLO"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3278,7 +3584,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -3340,7 +3646,7 @@ msgstr ""
"información sobre la utilización de LDAP como proveedor de acceso."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "OPCIONES DE CONFIGURACIÓN"
@@ -3460,8 +3766,8 @@ msgstr ""
"http://www.ietf.org/rfc/rfc2254.txt"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "Ejemplos:"
@@ -3784,7 +4090,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -3793,7 +4099,7 @@ msgstr ""
"objeto primario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "Predeterminado: modifyTimestamp"
@@ -4243,8 +4549,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "El atributo LDAP que corresponde al nombre completo del usuario."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "Predeterminado: cn"
@@ -4460,11 +4766,30 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_member (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_member (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4476,7 +4801,7 @@ msgstr ""
"esquema RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4486,26 +4811,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "Predeterminado: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4516,7 +4842,7 @@ msgstr ""
"despliegues con grupos complejos o profundamente anidados."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
@@ -4526,7 +4852,7 @@ msgstr ""
"muy complejos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4537,7 +4863,7 @@ msgstr ""
"esencialmente “auto-detect”."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4549,19 +4875,13 @@ msgstr ""
"library/windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) "
"documentation</ulink> para más detalles."
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr "Por defecto: False"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4572,80 +4892,80 @@ msgstr ""
"notable cuando se trata con grupos complejos o profundamente anidados)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr "La clase de objeto de una entrada netgroup en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr "En proveedor IPA, ipa_netgroup_object_class, se usaría en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr "Predeterminado: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "El atributo LDAP que corresponde al nombre del netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "Un proveedor IPA, ipa_netgroup_name sería usado en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
"El atributo LDAP que contiene los nombres de los miembros de grupo de red."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr "Un proveedor IPA, ipa_netgroup_member sería usado en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr "Predeterminado: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -4653,42 +4973,42 @@ msgstr ""
"de red."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr "Esta opción no está disponible en el proveedor IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "Predeterminado: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr "La clase objeto de una entrada de servicio en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr "Por defecto: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -4696,49 +5016,49 @@ msgstr ""
"El atributo LDAP que contiene el nombre de servicio de atributos y sus alias."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "El atributo LDAP que contiene el puerto manejado por este servicio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr "Por defecto: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
"El atributo LDAP que contiene los protocolos entendidos por este servicio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr "Por defecto: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4749,7 +5069,7 @@ msgstr ""
"escondidos devueltos (y se entra en modo fuera de línea)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4760,12 +5080,12 @@ msgstr ""
"espera para tipos específicos de búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4777,12 +5097,12 @@ msgstr ""
"fuera de línea)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4799,12 +5119,12 @@ msgstr ""
"citerefentry> vuelve en caso de no actividad."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4813,12 +5133,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4831,17 +5151,17 @@ msgstr ""
"temprano (este valor contra el tiempo de vida TGT)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr "Predeterminado: 900 (15 minutos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -4850,17 +5170,17 @@ msgstr ""
"Algunos servidores LDAP hacen cumplir un límite máximo por petición."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr "Predeterminado: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4871,7 +5191,7 @@ msgstr ""
"RootDSE pero no está habilitado o no se comporta apropiadamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -4881,7 +5201,7 @@ msgstr ""
"pero es incapaz de usarlo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4892,17 +5212,17 @@ msgstr ""
"puede ocasionar que algunas peticiones sean denegadas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4912,12 +5232,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4928,19 +5248,19 @@ msgstr ""
"de esta opción son definidos por OpenLDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
"Por defecto: Usa el sistema por defecto (normalmente especificado por ldap."
"conf)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4951,7 +5271,7 @@ msgstr ""
"deference. Si hay menos miembros desaparecidos, se buscarán individualmente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -4959,7 +5279,7 @@ msgstr ""
"a 0."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4972,7 +5292,7 @@ msgstr ""
"soportados son 389/RHDS, OpenLDAP y Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4983,12 +5303,12 @@ msgstr ""
"será deshabilitado sin tener en cuenta este ajuste."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -4998,7 +5318,7 @@ msgstr ""
"los siguientes valores:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -5007,7 +5327,7 @@ msgstr ""
"certificado de servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5018,7 +5338,7 @@ msgstr ""
"certificado malo, será ignorado y la sesión continua normalmente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5029,7 +5349,7 @@ msgstr ""
"certificado malo, la sesión se termina inmediatamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -5040,22 +5360,22 @@ msgstr ""
"termina inmediatamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "Predeterminado: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -5064,7 +5384,7 @@ msgstr ""
"de Certificación que <command>sssd</command> reconocerá."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -5073,12 +5393,12 @@ msgstr ""
"etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -5092,33 +5412,33 @@ msgstr ""
"para crear los nombres correctos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
"Especifica el fichero que contiene el certificado para la clave del cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr "Especifica el archivo que contiene la clave del cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5126,12 +5446,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -5140,12 +5460,12 @@ msgstr ""
"<systemitem class=\"protocol\">tls</systemitem> para proteger el canal."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5156,18 +5476,18 @@ msgstr ""
"ldap_user_uid_number y ldap_group_gid_number."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -5178,17 +5498,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -5197,12 +5517,12 @@ msgstr ""
"probado y soportado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -5215,17 +5535,17 @@ msgstr ""
"myhost@EXAMPLE.COM) o sólo en nombre principal (por ejemplo host/myhost)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr "Por defecto: host/nombre_de_host@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -5236,17 +5556,17 @@ msgstr ""
"reino también, esta opción se ignora."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr "Por defecto: el valor de krb5_realm."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -5255,34 +5575,34 @@ msgstr ""
"para para canocalizar el nombre de host durante una unión SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "Predeterminado: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Especifica la keytab a usar cuando se utilice SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -5293,27 +5613,27 @@ msgstr ""
"es GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Especifica el tiempo de vida en segundos del TGT si se usa GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Predeterminado: 86400 (24 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5332,7 +5652,7 @@ msgstr ""
"información, vea la sección <quote>SERVICE DISCOVERY</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5343,7 +5663,7 @@ msgstr ""
"regresa a _tcp si no se encuentra nada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -5355,29 +5675,29 @@ msgstr ""
"configuración para usar <quote>krb5_server</quote> en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Especifica el REALM Kerberos (para autorización SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -5386,12 +5706,12 @@ msgstr ""
"servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5401,7 +5721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5409,12 +5729,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -5423,7 +5743,7 @@ msgstr ""
"del cliente. Los siguientes valores son permitidos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -5432,7 +5752,7 @@ msgstr ""
"no puede deshabilitar las políticas de password en el lado servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5443,7 +5763,7 @@ msgstr ""
"manvolnum></citerefentry> para evaluar si la contraseña ha expirado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5455,26 +5775,26 @@ msgstr ""
"password."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
"Especifica si el seguimiento de referencias automático debería ser "
"habilitado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -5483,7 +5803,7 @@ msgstr ""
"está compilado con OpenLDAP versión 2.4.13 o más alta."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5496,29 +5816,29 @@ msgstr ""
"esta opción a false le llevará a una notable mejora de rendimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Especifica el nombre del servicio para utilizar cuando está habilitado el "
"servicio de descubrimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "Predeterminado: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -5528,17 +5848,17 @@ msgstr ""
"descubrimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
@@ -5547,12 +5867,12 @@ msgstr ""
"desde el Epoch después de una operación de cambio de contraseña."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5568,12 +5888,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "Ejemplo:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5582,14 +5902,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5602,17 +5922,17 @@ msgstr ""
"obteniendo acceso mientras esté fuera de línea y viceversa."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr "Predeterminado: vacío"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5621,7 +5941,7 @@ msgstr ""
"control de acceso del lado cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5632,12 +5952,12 @@ msgstr ""
"una código de error definible aunque el password sea correcto."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "Los siguientes valores están permitidos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5646,7 +5966,7 @@ msgstr ""
"determinar si la cuenta ha expirado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5659,7 +5979,7 @@ msgstr ""
"se comprueba el tiempo de expiración de la cuenta."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5670,7 +5990,7 @@ msgstr ""
"el acceso o no."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5683,7 +6003,7 @@ msgstr ""
"permitido. Si ambos atributos están desaparecidos se concede el acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5691,24 +6011,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Lista separada por coma de opciones de control de acceso. Los valores "
"permitidos son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5718,14 +6038,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5738,12 +6058,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5753,7 +6073,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5763,20 +6083,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5785,18 +6105,18 @@ msgstr ""
"autorizedService para determinar el acceso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: usa el atributo host para determinar el acceso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Predeterminado: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -5805,12 +6125,12 @@ msgstr ""
"una vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5819,22 +6139,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -5843,13 +6163,13 @@ msgstr ""
"lleva a cabo una búsqueda. Están permitidas las siguientes opciones:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
"<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -5859,7 +6179,7 @@ msgstr ""
"búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -5868,7 +6188,7 @@ msgstr ""
"cuando se localice el objeto base de la búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -5877,7 +6197,7 @@ msgstr ""
"para la búsqueda como en la localización del objeto base de la búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -5886,12 +6206,12 @@ msgstr ""
"librerías cliente LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
@@ -5900,7 +6220,7 @@ msgstr ""
"servidores que usan el esquema RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5918,7 +6238,7 @@ msgstr ""
"llamadas getpw*() o initgroups()."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5929,26 +6249,26 @@ msgstr ""
"initgroups() aumentará los usuarios locales con los grupos LDAP adicionales."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5968,12 +6288,12 @@ msgstr ""
"completos. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr "OPCIONES SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5981,52 +6301,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr "El objeto clase de una regla de entrada sudo en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr "Por defecto: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "El atributo LDAP que corresponde a la regla nombre de sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr "El atributo LDAP que corresponde al nombre de comando."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr "Por defecto: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -6035,17 +6355,17 @@ msgstr ""
"red IP del host o grupo de red del host)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr "Por defecto: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -6054,32 +6374,32 @@ msgstr ""
"grupo o grupo de red del usuario)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr "Por defecto: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "El atributo LDAP que corresponde a las opciones sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr "Por defecto: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -6088,17 +6408,17 @@ msgstr ""
"pueden ejecutar como."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr "Por defectot: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -6107,17 +6427,17 @@ msgstr ""
"ejecutar comandos como."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr "Por defecto: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -6126,17 +6446,17 @@ msgstr ""
"regla sudo es válida."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr "Por defecto: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -6145,32 +6465,32 @@ msgstr ""
"la regla sudo dejará de ser válida."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr "Por defecto: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "El atributo LDAP que corresponde al índice de ordenación de la regla."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr "Por defecto: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
@@ -6180,7 +6500,7 @@ msgstr ""
"servidor)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -6189,17 +6509,17 @@ msgstr ""
"emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr "Por defecto: 21600 (6 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -6210,7 +6530,7 @@ msgstr ""
"USBN más alto que el USN más alto de las reglas escondidas)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
@@ -6219,12 +6539,12 @@ msgstr ""
"atributo modifyTimestamp."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -6233,12 +6553,12 @@ msgstr ""
"máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -6247,7 +6567,7 @@ msgstr ""
"totalmente cualificados que sería usada para filtrar las reglas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
@@ -6256,8 +6576,8 @@ msgstr ""
"nombre de dominio totalmente cualificado automáticamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -6266,17 +6586,17 @@ msgstr ""
"emphasis> esta opción no tiene efecto."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr "Por defecto: no especificado"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -6285,7 +6605,7 @@ msgstr ""
"usada para filtrar las reglas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -6294,12 +6614,12 @@ msgstr ""
"automáticamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "sudo_include_netgroups (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
@@ -6308,12 +6628,12 @@ msgstr ""
"atributo sudoHost."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
@@ -6322,7 +6642,7 @@ msgstr ""
"atributo sudoHost."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6335,71 +6655,71 @@ msgstr ""
"manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr "OPCIONES AUTOFS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr "El objeto clase de una entrada de mapa de automontaje en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr "Por defecto: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr "El nombre de una entrada de mapa de automontaje en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
#, fuzzy
#| msgid ""
#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
@@ -6412,19 +6732,19 @@ msgstr ""
"normalmente a un punto de montaje."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: automountMap"
msgid "Default: automount"
msgstr "Por defecto: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -6433,24 +6753,24 @@ msgstr ""
"normalmente a un punto de montaje."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr "Por defecto: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6459,32 +6779,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "OPCIONES AVANZADAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -6493,22 +6813,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -6517,7 +6837,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6528,7 +6848,7 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6541,26 +6861,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6576,13 +6896,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTAS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6623,11 +6943,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -6638,22 +6959,22 @@ msgstr ""
"través de <command>syslog(3)</command> con la facilidad LOG_AUTHPRIV."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr "Suprime el registro de mensajes de usuarios desconocidos."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -6662,12 +6983,12 @@ msgstr ""
"en la pila para que lo usen otros módulos PAM."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -6678,12 +6999,12 @@ msgstr ""
"disponible o el password no es apropiado, se denegará el acceso al usuario."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -6692,12 +7013,12 @@ msgstr ""
"suministrado por un módulo de password previamente apilado."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -6706,7 +7027,7 @@ msgstr ""
"autenticación falla. Por defecto es 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6717,36 +7038,36 @@ msgstr ""
"<command>sshd</command> con <option>PasswordAuthentication</option>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -6754,7 +7075,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -6763,13 +7084,46 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr "TIPOS DE MÓDULOS SUMINISTRADOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -6778,12 +7132,12 @@ msgstr ""
"<option>password</option> y <option>session</option>) son suministrados."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "ARCHIVOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -6795,7 +7149,7 @@ msgstr ""
"sobre como resetear un password."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -6815,7 +7169,7 @@ msgstr ""
"lectura."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -7013,7 +7367,7 @@ msgstr ""
"grupos locales no serán evaluados."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7211,7 +7565,7 @@ msgstr ""
"host."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -7219,14 +7573,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -7244,12 +7598,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -7270,12 +7624,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Por defecto: 1200 (segundos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7301,7 +7655,7 @@ msgid ""
msgstr "Predeterminado: Utilizar la dirección IP de la conexión IPA LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -7311,7 +7665,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -7328,12 +7682,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -7341,12 +7695,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -7365,52 +7719,52 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
#| msgid "ldap_dns_service_name (string)"
msgid "dyndns_server (string)"
msgstr "ldap_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -7530,7 +7884,7 @@ msgstr ""
"Verifica con la ayuda de krb5_keytab que el TGT obtenido no ha sido burlado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7615,26 +7969,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -7656,7 +8010,7 @@ msgstr ""
"muchas peticiones de control de acceso hechas en un corto período."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr "Predeterminado: 5 (segundos)"
@@ -7978,13 +8332,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7999,15 +8354,28 @@ msgstr ""
"manvolnum> </citerefentry> con algunas excepciones descritas abajo."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "IPA provider can also be used as an access and chpass provider. As an "
+#| "access provider it uses HBAC (host-based access control) rules. Please "
+#| "refer to freeipa.org for more information about HBAC. No configuration of "
+#| "access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
+"Sin embargo, ni es necesario ni está recomendado fijar estas opciones. El "
+"proveedor IPA también puede ser usado como proveedor de acceso y cambio de "
+"contraseña. Como proveedor de acceso usa reglas HBAC (control de acceso "
+"basado en el host). Por favor vea freeipa.org para más información sobre "
+"HBAC. No se requiere configuración del proveedor de acceso en el lado "
+"cliente."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -8017,7 +8385,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -8030,7 +8398,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -8038,12 +8406,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr "ad_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -8052,7 +8420,7 @@ msgstr ""
"se suministra, se usa la configuración del nombre de dominio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -8061,34 +8429,60 @@ msgstr ""
"minúscula de la versión larga del dominio Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
+#, fuzzy
+#| msgid ""
+#| "The comma-separated list of IP addresses or hostnames of the IPA servers "
+#| "to which SSSD should connect in the order of preference. For more "
+#| "information on failover and server redundancy, see the <quote>FAILOVER</"
+#| "quote> section. This is optional if autodiscovery is enabled. For more "
+#| "information on service discovery, refer to the <quote>SERVICE DISCOVERY</"
+#| "quote> section."
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
+"La lista separada por comas de direcciones IP o nombres de host de los "
+"servidores IPA a los que SSSD se conectaría en orden de preferencia. Para "
+"más información sobre conmutación en error y redundancia de servidores, vea "
+"la sección <quote>FAILOVER</quote>. Esto es opcional si autodiscovery está "
+"habilitado. Para más información sobre el servicio descubridor, vea la "
+"sección <quote>SERVICE DISCOVERY</quote>."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr "ad_hostname (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -8099,7 +8493,7 @@ msgstr ""
"identificar este host."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -8108,12 +8502,12 @@ msgstr ""
"Debe coincidir con el nombre del host desde que se envío la keytab."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -8124,12 +8518,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -8138,7 +8532,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -8147,7 +8541,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -8156,14 +8550,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -8172,7 +8566,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -8187,29 +8581,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -8218,7 +8612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -8227,12 +8621,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -8242,14 +8636,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -8262,23 +8656,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -8286,22 +8680,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -8309,12 +8703,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -8322,14 +8716,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -8337,7 +8731,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8349,53 +8743,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -8403,7 +8822,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -8411,7 +8830,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -8419,7 +8838,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8431,17 +8850,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -8449,7 +8873,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -8457,7 +8881,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -8465,7 +8889,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8477,22 +8901,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -8500,14 +8924,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -8515,7 +8939,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8527,17 +8951,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -8545,14 +8969,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -8560,7 +8984,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8571,19 +8995,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -8591,7 +9015,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8603,34 +9027,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -8638,12 +9067,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -8656,52 +9085,94 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Predeterminado: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Predeterminado: 86400 (24 horas)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -8712,12 +9183,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
#, fuzzy
#| msgid "Default: Use the IP address of the IPA LDAP connection"
msgid ""
@@ -8726,24 +9197,24 @@ msgid ""
msgstr "Predeterminado: Utilizar la dirección IP de la conexión IPA LDAP"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Predeterminado: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8754,7 +9225,7 @@ msgstr ""
"Este ejemplo muestra sólo las opciones específicas del proveedor AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -8778,7 +9249,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -8790,7 +9261,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -8801,7 +9272,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -8810,6 +9281,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -9380,7 +9859,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr "La contraseña a oscurecer será leída desde la entrada estándar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9456,17 +9935,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -9474,50 +9958,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMINIO</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9525,29 +10045,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -9555,41 +10075,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-#, fuzzy
-#| msgid "print properties of a group"
-msgid "Override attributes of a group."
-msgstr "imprime las propiedades de un grupo"
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMINIO</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9597,43 +10150,43 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "SUDO OPTIONS"
msgid "COMMON OPTIONS"
msgstr "OPCIONES SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
#, fuzzy
#| msgid "This option is not available in IPA provider."
msgid "Those options are available with all commands."
msgstr "Esta opción no está disponible en el proveedor IPA."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
@@ -10937,6 +11490,45 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
+#| "replaceable>"
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+#, fuzzy
+#| msgid "Invalidate specific service."
+msgid "Invalidate particular sudo rule."
+msgstr "Invalida servicio específico"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--no-remove</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-R</option>,<option>--no-remove</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+"Invalida todos los registros de usuario. Esta opción anula la invalidación "
+"de usuario específico si también está fijada."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -10945,7 +11537,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr "Restringe el proceso de invalidación sólo a un dominio concreto."
@@ -11465,13 +12057,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:41
+#, fuzzy
+#| msgid ""
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use "
+#| "<command>sss_ssh_authorizedkeys</command> for public key user "
+#| "authentication if it is compiled with support for either "
+#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
+#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+#| "manvolnum></citerefentry> options."
msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> puede ser configurado para usar "
@@ -11482,7 +12083,7 @@ msgstr ""
"manvolnum></citerefentry> options."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -11490,7 +12091,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -11500,30 +12101,8 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-"Si se soporta <quote>PubkeyAgent</quote>, <citerefentry><refentrytitle>sshd</"
-"refentrytitle> <manvolnum>8</manvolnum></citerefentry> puede ser configurado "
-"para usarlo utilizando la siguiente directiva para <citerefentry> "
-"<refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> "
-"configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -11531,12 +12110,12 @@ msgstr ""
"<replaceable>DOMAIN</replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -12046,7 +12625,7 @@ msgstr ""
"quote>"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr "Por defecto: 200000"
@@ -12114,11 +12693,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -12126,12 +12706,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (cadena)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -12142,22 +12722,22 @@ msgstr ""
"sobrepasando el algoritmo murmurhash descrito arriba."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (cadena)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr "Especifica el nombre del dominio por defecto."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (booleano)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -12167,7 +12747,7 @@ msgstr ""
"winbind."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -12177,7 +12757,7 @@ msgstr ""
"adicional."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -12191,13 +12771,36 @@ msgstr ""
"<quote>ldap_idmap_default_domain_sid</quote> para garantizar que al menos un "
"dominio está asignado consistentemente a la rebanada cero."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_idmap_range_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_idmap_range_size (entero)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -12206,51 +12809,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
@@ -12679,3 +13282,21 @@ msgstr ""
#~ msgid "Default: ou"
#~ msgstr "Por defecto: ou"
+
+#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+
+#~ msgid ""
+#~ "If <quote>PubkeyAgent</quote> is supported, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> can be configured to use it by using the "
+#~ "following directive for <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
+#~ msgstr ""
+#~ "Si se soporta <quote>PubkeyAgent</quote>, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> puede ser configurado para usarlo utilizando la "
+#~ "siguiente directiva para <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
diff --git a/src/man/po/eu.po b/src/man/po/eu.po
index 333f10a71..4392b5dd8 100644
--- a/src/man/po/eu.po
+++ b/src/man/po/eu.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
@@ -17,7 +17,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -60,7 +60,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -79,11 +79,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr ""
@@ -214,113 +214,128 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -329,29 +344,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -361,19 +376,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -381,12 +396,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -394,58 +409,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -454,7 +469,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -462,69 +477,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -534,7 +549,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -544,20 +559,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -567,7 +582,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -576,12 +591,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -592,12 +692,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -606,22 +706,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -631,17 +731,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -649,19 +749,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -671,12 +771,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -684,117 +784,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -802,7 +850,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -812,7 +860,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -821,17 +869,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -839,60 +887,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -900,23 +974,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -924,47 +998,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -972,103 +1046,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1079,72 +1160,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1152,59 +1233,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1212,7 +1293,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1221,17 +1302,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1239,117 +1320,183 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1083
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1360,34 +1507,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1395,68 +1542,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1468,7 +1615,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1479,24 +1626,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1504,12 +1651,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1517,25 +1664,37 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1544,46 +1703,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1595,14 +1754,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1611,39 +1770,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1652,19 +1811,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1675,151 +1834,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1827,24 +1986,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1853,17 +2012,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1872,33 +2031,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1906,8 +2065,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1916,8 +2075,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1925,19 +2084,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1946,7 +2105,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1954,22 +2113,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1981,7 +2140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1989,19 +2148,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2009,7 +2168,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2017,30 +2176,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2048,19 +2207,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2069,24 +2228,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2094,7 +2266,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2102,35 +2274,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2138,32 +2310,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2174,12 +2346,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2187,7 +2359,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2195,31 +2367,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2227,7 +2399,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2236,23 +2408,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2260,7 +2432,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2268,24 +2440,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2293,12 +2473,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2308,7 +2488,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2317,29 +2497,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2347,7 +2527,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2355,66 +2535,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2422,70 +2602,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2493,7 +2673,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2501,41 +2681,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2545,34 +2769,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2580,12 +2804,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2593,7 +2817,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2601,49 +2825,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2651,73 +2889,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2725,17 +2963,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2744,17 +2982,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2762,17 +3000,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2780,19 +3018,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2822,7 +3060,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2868,7 +3106,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2968,8 +3206,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3258,14 +3496,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3660,8 +3898,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3865,19 +4103,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3887,26 +4142,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3914,14 +4170,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3929,7 +4185,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3937,19 +4193,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3957,168 +4207,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4126,7 +4376,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4134,12 +4384,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4147,12 +4397,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4163,12 +4413,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4177,12 +4427,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4191,34 +4441,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4226,14 +4476,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4241,17 +4491,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4261,12 +4511,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4274,17 +4524,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4292,13 +4542,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4307,7 +4557,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4315,26 +4565,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4342,7 +4592,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4350,7 +4600,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4358,41 +4608,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4401,32 +4651,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4434,24 +4684,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4459,17 +4709,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4480,29 +4730,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4511,17 +4761,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4529,49 +4779,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4579,27 +4829,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4611,7 +4861,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4619,7 +4869,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4627,39 +4877,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4669,7 +4919,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4677,26 +4927,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4704,7 +4954,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4712,31 +4962,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4745,56 +4995,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4810,12 +5060,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4824,14 +5074,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4840,24 +5090,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4865,19 +5115,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4886,7 +5136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4894,7 +5144,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4903,7 +5153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4911,22 +5161,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4936,14 +5186,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4956,12 +5206,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4971,7 +5221,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4981,49 +5231,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5032,74 +5282,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5110,7 +5360,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5118,24 +5368,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5150,12 +5400,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5163,208 +5413,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5372,101 +5622,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5475,108 +5725,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
msgid "Default: automount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5585,32 +5835,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5619,22 +5869,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5643,7 +5893,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5651,7 +5901,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5664,26 +5914,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5699,13 +5949,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5740,11 +5990,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5752,34 +6003,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5787,31 +6038,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5819,36 +6070,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5856,7 +6107,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5865,25 +6116,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5891,7 +6173,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5903,7 +6185,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6062,7 +6344,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6210,7 +6492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6218,14 +6500,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6240,12 +6522,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6266,12 +6548,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6295,7 +6577,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6305,7 +6587,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6322,12 +6604,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6335,12 +6617,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6359,50 +6641,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6512,7 +6794,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6586,26 +6868,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6624,7 +6906,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6922,13 +7204,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6938,15 +7221,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6954,7 +7237,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6967,7 +7250,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6975,53 +7258,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7029,19 +7324,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7052,12 +7347,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7066,7 +7361,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7075,7 +7370,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7084,14 +7379,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7100,7 +7395,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7115,29 +7410,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7146,7 +7441,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7155,12 +7450,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7170,14 +7465,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7190,23 +7485,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7214,22 +7509,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7237,12 +7532,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7250,14 +7545,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7265,7 +7560,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7277,53 +7572,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7331,7 +7651,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7339,7 +7659,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7347,7 +7667,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7359,17 +7679,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7377,7 +7702,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7385,7 +7710,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7393,7 +7718,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7405,22 +7730,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7428,14 +7753,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7443,7 +7768,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7455,17 +7780,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7473,14 +7798,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7488,7 +7813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7499,19 +7824,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7519,7 +7844,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7531,34 +7856,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7566,12 +7896,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7584,52 +7914,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+msgid "Default: 30 days"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7640,36 +8008,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7677,7 +8045,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7692,7 +8060,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7701,7 +8069,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7709,7 +8077,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7718,6 +8086,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8176,7 +8552,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8235,17 +8611,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8253,50 +8634,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8304,29 +8715,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8334,39 +8745,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8374,39 +8814,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
msgid "COMMON OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
@@ -9548,12 +9988,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10033,13 +10497,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10047,7 +10511,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10057,36 +10521,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10473,7 +10920,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10530,11 +10977,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10542,12 +10990,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10555,36 +11003,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10593,13 +11041,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10608,51 +11077,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/fr.po b/src/man/po/fr.po
index c0b60afe7..f5e8f2768 100644
--- a/src/man/po/fr.po
+++ b/src/man/po/fr.po
@@ -10,13 +10,15 @@
# sgallagh <sgallagh@redhat.com>, 2012
# sgallagh <sgallagh@redhat.com>, 2012
# Jérôme Fenal <jfenal@gmail.com>, 2015. #zanata
+# Jibec <jean-baptiste@holcroft.fr>, 2016. #zanata
+# Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata
msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
-"PO-Revision-Date: 2015-09-21 08:33-0400\n"
-"Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
+"PO-Revision-Date: 2016-03-19 03:04-0400\n"
+"Last-Translator: Jibec <jean-baptiste@holcroft.fr>\n"
"Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
"fr/)\n"
"Language: fr\n"
@@ -24,7 +26,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -70,7 +72,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -91,11 +93,11 @@ msgstr ""
"changements spécifiés sur la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPTIONS"
@@ -257,63 +259,84 @@ msgstr "debug_level (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
+"Ajoute un horodatage aux messages de débogage. Si journald est activé pour "
+"la journalisation de débogage de SSSD, cette option sera ignorée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Par défaut : true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
+"Ajouter les microsecondes à l'horodatage dans les messages de débogage. Si "
+"journald est activé pour la journalisation de débogage de SSSD, cette option "
+"sera ignorée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Par défaut : false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr "Options utilisables dans les sections SERVICE et DOMAIN"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
@@ -321,33 +344,34 @@ msgstr ""
"Délai d'attente entre deux requêtes pour ce domaine. Ceci est utilisé pour "
"s'assurer que le processus est toujours actif et capable de répondre."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Par défaut : 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "SECTIONS SPÉCIALES"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "La section [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Paramètres de sections"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -356,12 +380,12 @@ msgstr ""
"supérieure utiliser la version 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "services"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -369,7 +393,7 @@ msgstr ""
"lance."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -382,12 +406,12 @@ msgstr ""
"\">, pac</phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -397,17 +421,17 @@ msgstr ""
"d'abandonner"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Par défaut : 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domaines"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -415,14 +439,20 @@ msgid ""
"them to be queried. A domain name should only consist of alphanumeric ASCII "
"characters, dashes, dots and underscores."
msgstr ""
+"Un domaine est une base de données contenant les informations utilisateurs. "
+"SSSD peut utiliser plusieurs domaines en même temps, au moins un doit être "
+"configuré ou SSSD ne démarrera pas. Ce paramètre décrit la liste des "
+"domaines dans l'ordre où ils doivent être requêtés. Un nom de domaine ne "
+"doit comprendre que des caractères ASCII alphanumériques, des tirets, des "
+"points et caractères soulignés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
@@ -431,7 +461,7 @@ msgstr ""
"contenant le nom d'utilisateur et de domaine dans ces composants."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -443,12 +473,12 @@ msgstr ""
"expressions régulières."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -460,33 +490,33 @@ msgstr ""
"domaine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr "%1$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr "nom d'utilisateur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr "%2$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
"nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr "%3$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
@@ -496,7 +526,7 @@ msgstr ""
"d'approbation IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
@@ -505,7 +535,7 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
@@ -514,12 +544,12 @@ msgstr ""
"Voir les SECTIONS DOMAINE pour plus d'informations sur cette option."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -532,7 +562,7 @@ msgstr ""
"secondes si inotify échoue."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -542,7 +572,7 @@ msgstr ""
"conseillée. Dans ces rares cas, cette option devrait être définie à « false »"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -551,7 +581,7 @@ msgstr ""
"sur les autres plates-formes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -561,12 +591,12 @@ msgstr ""
"utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -575,7 +605,7 @@ msgstr ""
"de rejeu Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -585,7 +615,7 @@ msgstr ""
"relecture."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -594,29 +624,31 @@ msgstr ""
"la construction du logiciel. (__LIBKRB5_DEFAULTS__ si non configuré)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr "user (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
+"L'utilisation vers lequel abandonner les privilèges pour éviter de "
+"fonctionner en tant que l'utilisateur root."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr "Par défaut : non défini, le processus tourne en tant que root"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -632,7 +664,7 @@ msgstr ""
"domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -640,22 +672,28 @@ msgid ""
"is not allowed to use this option together with use_fully_qualified_names "
"set to False."
msgstr ""
+"Noter que, si cette option est définie, tous les utilisateurs du domaine "
+"principal doivent utiliser leur nom pleinement qualifié, par exemple "
+"user@domain.name, pour se connecter. L'utilisation de cette option modifie "
+"la valeur par défaut de use_fully_qualified_names à True. Il n'est pas "
+"possible ni autorisé d'utiliser cette option avec l'option "
+"use_fully_qualified_names à False."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr "Par défaut : non défini"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr "override_space (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -663,9 +701,15 @@ msgid ""
"scripts that have difficulty handling spaces, due to the default field "
"separator in the shell."
msgstr ""
+"Ce paramètre remplace les espaces avec le caractère indiqués pour les noms "
+"d'utilisateurs et de groupes, par ex. (_). Ainsi, le nom &quot;john "
+"doe&quot; deviendra &quot;john_doe&quot;. Cette fonctionnalité a été ajoutée "
+"pour aider à la compatibilité avec les scripts shells qui ont des "
+"difficultés à gérer les espaces, du fait que l'espace est le séparateur par "
+"défaut de l'interpréteur de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -674,12 +718,107 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr "Par défaut : non défini (les espaces ne seront pas remplacées)"
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "ldap_user_certificate (string)"
+msgid "certificate_verification (string)"
+msgstr "ldap_user_certificate (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+#, fuzzy
+#| msgid "These options can be used to configure the PAC responder."
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+"Les options suivantes peuvent être utilisées pour configurer le répondeur "
+"PAC."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+#, fuzzy
+#| msgid "Default: not set, i.e. service discovery is disabled"
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+"Par défaut : non défini, c'est-à-dire que le service de découverte est "
+"désactivé."
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -696,12 +835,12 @@ msgstr ""
"l'identité des domaines. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "SECTIONS DE SERVICES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -714,22 +853,22 @@ msgstr ""
"section doit être <quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "Options générales de configuration de service"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "Ces options peuvent être utilisées pour configurer les services."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -744,17 +883,17 @@ msgstr ""
"valeur inférieure ou la limite « hard » de limits.conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr "Par défault : 8192 (ou la limite « hard » de limits.conf)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -766,19 +905,19 @@ msgstr ""
"ressources sur le système."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Par défaut : 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr "force_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -793,12 +932,12 @@ msgstr ""
"l'aide d'un signal SIGKILL."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr "offline_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -806,91 +945,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
-msgstr ""
+msgstr "offline_timeout + random_offset"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr "new_interval = old_interval*2 + random_offset"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr "subdomain_inherit (chaîne)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr "ignore_group_members"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr "ldap_purge_cache_timeout"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr "ldap_use_tokengroups"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr "ldap_user_principal"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr "Exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "Par défaut : aucun"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr "Options de configuration NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -898,12 +983,12 @@ msgstr ""
"Switch (NSS)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -912,17 +997,17 @@ msgstr ""
"énumérations (requêtes sur les informations de tous les utilisateurs)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Par défaut : 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -933,7 +1018,7 @@ msgstr ""
"valeur de entry_cache_timeout pour le domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -949,7 +1034,7 @@ msgstr ""
"cache."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -962,17 +1047,17 @@ msgstr ""
"de non réponse à moins de 10 secondes (0 pour désactiver l'option)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "Par défaut : 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -984,22 +1069,56 @@ msgstr ""
"appel au moteur."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Par défaut : 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "autofs_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "autofs_negative_timeout (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+#, fuzzy
+#| msgid ""
+#| "Specifies for how many seconds nss_sss should cache negative cache hits "
+#| "(that is, queries for invalid database entries, like nonexistent ones) "
+#| "before asking the back end again."
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+"Spécifie le temps, en secondes, pendant lequel nss_sss doit mettre en cache "
+"les résultats négatifs du cache (c'est-à-dire les requêtes pour les bases de "
+"données invalides, comme celles qui n'existent pas) avant de faire à nouveau "
+"appel au moteur."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Par défaut : 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+#, fuzzy
+#| msgid ""
+#| "Exclude certain users from being fetched from the sss NSS database. This "
+#| "is particularly useful for system accounts. This option can also be set "
+#| "per-domain or include fully-qualified names to filter only users from the "
+#| "particular domain."
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
"Exclue certains utilisateurs de la recherche à partir de la base de données "
"sss NSS. Ceci est particulièrement utile pour les comptes système. Cette "
@@ -1008,17 +1127,26 @@ msgstr ""
"certain domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Par défaut : root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -1026,12 +1154,12 @@ msgstr ""
"membres de groupes."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -1040,7 +1168,7 @@ msgstr ""
"explicitement spécifié par le fournisseur de données du domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -1048,7 +1176,7 @@ msgstr ""
"override_homedir."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -1058,25 +1186,25 @@ msgstr ""
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
"Par défaut : non défini (aucune substitution pour les répertoires d'accueil "
"non définis)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr "override_shell (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -1088,17 +1216,17 @@ msgstr ""
"section [nss], soit par domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr "Par défaut : indéfini (SSSD utilisera la valeur récupérée de LDAP)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr "allowed_shells (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -1106,14 +1234,14 @@ msgstr ""
"indiquées. L'ordre d'évaluation est :"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</"
"quote>, il est utilisé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -1123,7 +1251,7 @@ msgstr ""
"shell_fallback » sera utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -1132,12 +1260,12 @@ msgstr ""
"ni dans <quote>/etc/shells</quote>, une connexion sans shell est utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1145,14 +1273,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
"Une chaîne vide pour l'interpréteur de commandes est passée telle quelle est "
"à la libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -1162,31 +1290,31 @@ msgstr ""
"est installé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
"Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est "
"utilisé automatiquement."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
"Remplace toutes les occurences de ces interpréteurs de commandes par "
"l'interpréteur de commandes par défaut"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr "shell_fallback (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -1194,17 +1322,17 @@ msgstr ""
"commandes autorisé n'est pas installé sur la machine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "Par défaut : /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
@@ -1214,7 +1342,7 @@ msgstr ""
"choix soit dans la section [nss], soit par domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
@@ -1224,12 +1352,12 @@ msgstr ""
"nécessaire, habituellement /bin/sh)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (int)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
@@ -1238,31 +1366,42 @@ msgstr ""
"jugée valide."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (int)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
+#, fuzzy
+#| msgid ""
+#| "Specifies time in seconds for which records in the in-memory cache will "
+#| "be valid"
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
"Spécifie la durée en secondes, pour laquelle les enregistrements du cache en "
"mémoire seront valides"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Par défaut : 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr "user_attributes (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1273,24 +1412,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr "Par défaut : non défini, repli sur l'option InfoPipe"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr "Options de configuration de PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1299,12 +1438,12 @@ msgstr ""
"Module (PAM)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1314,17 +1453,17 @@ msgstr ""
"connexion réussie)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Par défaut : 0 (pas de limite)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1333,12 +1472,12 @@ msgstr ""
"échouées sont autorisées."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1348,7 +1487,7 @@ msgstr ""
"soit possible."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1359,17 +1498,17 @@ msgstr ""
"connexion réussie en ligne peut réactiver l'authentification."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Par défaut : 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1379,44 +1518,44 @@ msgstr ""
"affichés sera important."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr "Actuellement sssd supporte les valeurs suivantes :"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis> : ne pas afficher de message"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis> : afficher les messages d'information"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis> : afficher tous les messages et informations de "
"débogage"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Par défaut : 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1428,7 +1567,7 @@ msgstr ""
"les dernières informations."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1442,17 +1581,17 @@ msgstr ""
"fournisseur d'identité."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr "Afficher une alerte N jours avant l'expiration du mot de passe."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1463,7 +1602,7 @@ msgstr ""
"ne peut afficher de message d'alerte."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
@@ -1473,7 +1612,7 @@ msgstr ""
"sera automatiquement affiché."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
@@ -1481,107 +1620,204 @@ msgstr ""
"Ce paramètre peut être surchargé par le paramètre "
"<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier."
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Par défaut : 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr "pam_trusted_users (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the PAC responder. User names are resolved to UIDs at "
+#| "startup."
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
+"Spécifie la liste séparée par des virgules des UID ou noms d'utilisateurs "
+"qui sont autorisés à accéder au répondeur PAC. Les noms d'utilisateurs "
+"seront résolus en UID au démarrage."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+#, fuzzy
+#| msgid "Default: all (All users are allowed to access the PAM responder)"
+msgid "Default: All users are considered trusted by default"
msgstr ""
"Par défaut : all (tous les utilisateurs peuvent accéder au répondeur PAM)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr "pam_public_domains (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
+"Deux valeurs spéciales pour l'option pam_public_domains sont définies :"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
+"all (tous les utilisateurs non dignes de confiance sont autorisés à accéder "
+"à tous les domaines PAM dans le répondeur.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+"none (les utilisateurs non dignes de confiance, Untrusted, ne sont pas "
+"autorisés à accéder à un des domaines PAM dans le répondeur.)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "Par défaut : aucun"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr "pam_account_expired_message (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, fuzzy, no-wrap
+#| msgid ""
+#| "pam_account_expired_message = Account expired, please call help desk.\n"
+#| " "
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+"pam_account_expired_message = Account a expiré, merci de contacter votre assistance.\n"
+" "
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+#, fuzzy
+#| msgid "pam_account_expired_message (string)"
+msgid "pam_account_locked_message (string)"
+msgstr "pam_account_expired_message (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
-#, no-wrap
+#: sssd.conf.5.xml:1083
+#, fuzzy, no-wrap
+#| msgid ""
+#| "pam_account_expired_message = Account expired, please call help desk.\n"
+#| " "
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+"pam_account_expired_message = Account a expiré, merci de contacter votre assistance.\n"
" "
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerate (booléen)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr "Par défaut : False"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "krb5_confd_path (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "krb5_confd_path (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "pam_id_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr "Options de configuration de SUDO"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1598,12 +1834,12 @@ msgstr ""
"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr "sudo_timed (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1612,22 +1848,22 @@ msgstr ""
"les entrées sudoers sensibles au temps."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr "Options de configuration AUTOFS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr "Ces options peuvent être utilisées pour configurer le service autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1639,23 +1875,23 @@ msgstr ""
"moteur."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr "Options de configuration SSH"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
"Les options suivantes peuvent être utilisées pour configurer le service SSH."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
@@ -1663,12 +1899,12 @@ msgstr ""
"Condenser ou non les noms de systèmes et adresses du fichier known_hosts"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
@@ -1677,38 +1913,38 @@ msgstr ""
"known_hosts géré après que ses clés de système ont été demandés."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr "Par défaut : 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "Par défaut : /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr "Options de configuration du répondeur PAC"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1727,7 +1963,7 @@ msgstr ""
"décodées et évaluées, les opérations suivantes sont effectuées :"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1745,7 +1981,7 @@ msgstr ""
"default_shell."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
@@ -1754,19 +1990,19 @@ msgstr ""
"ajouté à ces groupes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
"Les options suivantes peuvent être utilisées pour configurer le répondeur "
"PAC."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1777,14 +2013,14 @@ msgstr ""
"seront résolus en UID au démarrage."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
"Par défaut : 0 (seul l'utilisateur root est autorisé à accéder au répondeur "
"PAC)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1796,18 +2032,32 @@ msgstr ""
"accéder au répondeur PAC, ce qui serait un cas habituel, vous devez ajouter "
"0 à la liste des UID d'utilisateurs autorisés."
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "SECTIONS DOMAINES"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1816,7 +2066,7 @@ msgstr ""
"dehors de ces limites, elle est ignorée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1829,7 +2079,7 @@ msgstr ""
"qui sont dans la plage seront rapportés comme prévu."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
@@ -1838,17 +2088,17 @@ msgstr ""
"pas seulement leur recherche par nom ou identifiant."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Default: 1 for min_id, 0 (no limit) for max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerate (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1857,22 +2107,22 @@ msgstr ""
"valeurs suivantes :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = utilisateurs et groupes sont énumérés"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = aucune énumération pour ce domaine"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Par défaut : FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1893,7 +2143,7 @@ msgstr ""
"être recalculées."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1903,7 +2153,7 @@ msgstr ""
"l'énumération ne se termine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1917,7 +2167,7 @@ msgstr ""
"fournisseur d'identité spécifique utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
@@ -1926,32 +2176,32 @@ msgstr ""
"déconseillée, surtout dans les environnements de grande taille."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr "subdomain_enumerate (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr "all"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr "Tous les domaines approuvés découverts seront énumérés"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr "none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr "Aucun domaine approuvé découvert ne sera énuméré"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1965,12 +2215,12 @@ msgstr ""
"activer l'énumération pour ces seuls domaines."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1979,7 +2229,7 @@ msgstr ""
"comme valides avant de les redemander au moteur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1997,17 +2247,17 @@ msgstr ""
"rafraîchissement des entrées qui sont déjà en cache."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Par défaut : 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -2016,19 +2266,19 @@ msgstr ""
"d'utilisateurs comme valides avant de les redemander au moteur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr "Par défaut : entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -2037,12 +2287,12 @@ msgstr ""
"groupes comme valides avant de les redemander au moteur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -2051,12 +2301,12 @@ msgstr ""
"netgroup comme valides avant de les redemander au moteur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -2065,12 +2315,12 @@ msgstr ""
"service valides avant de les redemander au moteur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
@@ -2079,12 +2329,12 @@ msgstr ""
"valides avant de les redemander au moteur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
@@ -2093,24 +2343,26 @@ msgstr ""
"cartes d'automontage comme valides avant de les redemander au moteur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr "entry_cache_ssh_host_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
+"La durée en secondes pendant laquelle conserver une clé ssh d'hôte après "
+"rafraichissement. I.e. combien de temps mettre la clé en cache."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr "refresh_expired_interval (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
@@ -2120,48 +2372,48 @@ msgstr ""
"enregistrements expirés ou sur le point de l'être."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
"Il est envisageable de configurer cette valeur à 3/4 * entry_cache_timeout."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr "Par défaut : 0 (désactivé)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr "cache_credentials (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Détermine si les données d'identification de l'utilisateur sont aussi mis en "
"cache dans le cache LDB local"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Les informations d'identification utilisateur sont stockées dans une table "
"de hachage SHA512, et non en texte brut"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -2169,24 +2421,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr "Par défaut : 8"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -2199,17 +2451,17 @@ msgstr ""
"paramètre doit être supérieur ou égal à offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Par défaut : 0 (illimité)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2222,17 +2474,17 @@ msgstr ""
"fournisseur oauth doit être configuré pour le moteur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "Par défaut : 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -2240,18 +2492,18 @@ msgstr ""
"d'identification pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "<quote>proxy</quote> : prise en charge de l'ancien fournisseur NSS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
"<quote>local</quote> : Fournisseur interne SSSD pour les utilisateurs locaux"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2263,8 +2515,8 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2277,8 +2529,8 @@ msgstr ""
"configuration de FreeIPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2290,12 +2542,12 @@ msgstr ""
"d'Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -2305,7 +2557,7 @@ msgstr ""
"communiqué à NSS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2319,7 +2571,7 @@ msgstr ""
"trouve."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2331,22 +2583,22 @@ msgstr ""
"qualifié sera demandé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr "Par défaut : false (true si default_domain_suffix est utilisée)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr "Ne pas envoyer les membres des groupes sur les recherches de groupes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2358,7 +2610,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2366,12 +2618,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -2380,7 +2632,7 @@ msgstr ""
"pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2392,7 +2644,7 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2403,7 +2655,7 @@ msgstr ""
"citerefentry> pour plus d'informations sur la configuration de Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
@@ -2411,12 +2663,12 @@ msgstr ""
"PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> désactive l'authentification explicitement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2425,12 +2677,12 @@ msgstr ""
"gérer les requêtes d'authentification."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2441,7 +2693,7 @@ msgstr ""
"installés). Les fournisseurs internes spécifiques sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -2450,12 +2702,12 @@ msgstr ""
"d'accès autorisé pour un domaine local."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> toujours refuser les accès."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2468,17 +2720,44 @@ msgstr ""
"d'informations sur la configuration du module d'accès simple."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+#, fuzzy
+#| msgid ""
+#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring Kerberos."
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"<quote>krb5</quote> pour une authentification Kerberos. Cf. <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> pour plus d'informations sur la configuration de Kerberos."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+#, fuzzy
+#| msgid ""
+#| "<quote>proxy</quote> for relaying password changes to some other PAM "
+#| "target."
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+"<quote>proxy</quote> pour relayer le changement de mot de passe vers une "
+"autre cible PAM."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "Par défaut : <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr "chpass_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2487,7 +2766,7 @@ msgstr ""
"domaine. Les fournisseurs pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2499,7 +2778,7 @@ msgstr ""
"configuration LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2511,7 +2790,7 @@ msgstr ""
"Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -2519,14 +2798,14 @@ msgstr ""
"autre cible PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
"<quote>none</quote> pour désactiver explicitement le changement de mot de "
"passe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2535,19 +2814,19 @@ msgstr ""
"peut gérer les changements de mot de passe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr "sudo_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"Le fournisseur SUDO, utilisé pour le domaine. Les fournisseurs SUDO pris en "
"charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2559,7 +2838,7 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
@@ -2568,7 +2847,7 @@ msgstr ""
"par défaut pour IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
@@ -2577,20 +2856,20 @@ msgstr ""
"par défaut pour AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote> désactive explicitement SUDO."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Par défaut : La valeur de <quote>id_provider</quote> est utilisée si elle "
"est définie."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2601,12 +2880,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr "selinux_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2617,7 +2896,7 @@ msgstr ""
"fournisseur d'accès. Les fournisseurs selinux pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2629,14 +2908,14 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
"<quote>none</quote> n'autorise pas la récupération explicite des paramètres "
"selinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
@@ -2645,12 +2924,12 @@ msgstr ""
"gérer le chargement selinux"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
@@ -2660,7 +2939,7 @@ msgstr ""
"fournisseurs de sous-domaine pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2672,7 +2951,7 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2681,18 +2960,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
"<quote>none</quote> désactive la récupération explicite des sous-domaines."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr "autofs_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2700,7 +2979,7 @@ msgstr ""
"en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2712,7 +2991,7 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2724,17 +3003,34 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+"<quote>ipa</quote> pour charger les cartes stockées sur un serveur IPA. Cf. "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> pour plus d'information sur la configuration de "
+"IPA."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "<quote>none</quote> désactive explicitement autofs."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr "hostid_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2743,7 +3039,7 @@ msgstr ""
"systèmes. Les fournisseurs de hostid pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2755,12 +3051,12 @@ msgstr ""
"configuration de IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "<quote>none</quote> désactive explicitement hostid."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2776,7 +3072,7 @@ msgstr ""
"domaine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2789,22 +3085,22 @@ msgstr ""
"styles différents pour les noms d'utilisateurs :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr "username"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr "username@domain.name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr "domain\\username"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
@@ -2814,7 +3110,7 @@ msgstr ""
"utilisateurs de domaines Windows."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2825,7 +3121,7 @@ msgstr ""
"importe le domaine après »"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2837,7 +3133,7 @@ msgstr ""
"prendre en charge les sous-motifs nommés multiples."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2846,17 +3142,17 @@ msgstr ""
"la syntaxe Python (?P&lt;name&gt;) pour nommer les sous-motifs."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Par défaut : <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2865,48 +3161,48 @@ msgstr ""
"utiliser pour effectuer les requêtes DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "Valeurs prises en charge :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first : essayer de chercher une adresse IPv4, et en cas d'échec, "
"essayer IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first : essayer de chercher une adresse IPv6, et en cas d'échec, tenter "
"IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "Par défaut : ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2917,18 +3213,18 @@ msgstr ""
"domaine continuera à opérer en mode déconnecté."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Par défaut : 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2937,62 +3233,66 @@ msgstr ""
"du domaine faisant partie de la requête DNS de découverte de services."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Par défaut : utiliser la partie du domaine qui est dans le nom de système de "
"la machine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr "override_gid (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr "Redéfinit le GID primaire avec la valeur spécifiée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr "case_sensitive (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
-msgstr ""
+msgstr "True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
-msgstr ""
+msgstr "False"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
-msgstr ""
+msgstr "Insensible à la casse."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
-msgstr ""
+msgstr "Preserving"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
"protocol names) are still lowercased in the output."
msgstr ""
+"Comme False (insensible à la casse), mais ne convertit pas les noms en "
+"minuscules lors des opérations NSS. Notez que les alias de noms (et dans le "
+"cas des services les noms de protocoles) sont toujours en minuscule dans la "
+"sortie."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -3000,46 +3300,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr "Par défaut : true (false pour le fournisseur AD)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
-msgstr "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr "subdomain_inherit (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
msgstr ""
-"Quand un utilisateur ou un groupe est recherché par son nom dans le "
-"fournisseur proxy, une deuxième recherche par ID est effectuée pour "
-"récupérer le nom canonique, dans le cas où le nom demandé serait un alias. "
-"Cette option positionnée à true active la recherche par l'ID dans le cache "
-"afin d'améliorer les performances."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr "ignore_group_members"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr "ldap_purge_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr "ldap_use_tokengroups"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr "ldap_user_principal"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr "Exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+#, fuzzy
+#| msgid "This option is not available in IPA provider."
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr "Cette option n'est pas disponible dans le fournisseur IPA."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr "%F"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr "nom plat (NetBIOS) d'un sous-domaine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -3055,7 +3398,7 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
@@ -3063,17 +3406,17 @@ msgstr ""
"emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "Par défaut : <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr "realmd_tags (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
@@ -3081,14 +3424,14 @@ msgstr ""
"ce domaine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "memcache_timeout (int)"
msgid "cached_auth_timeout (int)"
msgstr "memcache_timeout (int)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -3096,12 +3439,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3109,7 +3452,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3121,17 +3464,17 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr "Le proxy cible duquel PAM devient mandataire."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -3140,12 +3483,12 @@ msgstr ""
"ou en créer une nouvelle et ajouter le nom de service ici."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3155,8 +3498,27 @@ msgstr ""
"recherches de fonctions NSS dans la bibliothèque sont sous la forme _nss_"
"$(libName)_$(function), par exemple _nss_files_getpwent."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (boolean)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+"Quand un utilisateur ou un groupe est recherché par son nom dans le "
+"fournisseur proxy, une deuxième recherche par ID est effectuée pour "
+"récupérer le nom canonique, dans le cas où le nom demandé serait un alias. "
+"Cette option positionnée à true active la recherche par l'ID dans le cache "
+"afin d'améliorer les performances."
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -3165,12 +3527,12 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr "La section du domaine local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -3181,29 +3543,29 @@ msgstr ""
"dire un domaine qui utilise <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"L'interpréteur de commandes par défaut pour les utilisateurs créés avec les "
"outils en espace utilisateur SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Par défaut : <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -3212,17 +3574,17 @@ msgstr ""
"replaceable> et l'utilisent comme dossier personnel."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "Par défaut : <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -3231,17 +3593,17 @@ msgstr ""
"utilisateurs. Peut être outrepassé par la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Par défaut : TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -3250,12 +3612,12 @@ msgstr ""
"suppression des utilisateurs. Peut être outrepassé par la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3266,17 +3628,17 @@ msgstr ""
"défaut sur un répertoire personnel nouvellement créé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Par défaut : 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -3289,17 +3651,17 @@ msgstr ""
"manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Par défaut : <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -3310,17 +3672,17 @@ msgstr ""
"précisé, la valeur par défaut est utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Par défaut : <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -3331,19 +3693,19 @@ msgstr ""
"code en retour de la commande n'est pas pris en compte."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "Par défaut : None, aucune commande lancée"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "EXEMPLE"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3397,7 +3759,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -3461,7 +3823,7 @@ msgstr ""
"en tant que fournisseur d'accès."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "OPTIONS DE CONFIGURATION"
@@ -3482,7 +3844,7 @@ msgid ""
msgstr ""
"Spécifie par ordre de préférence la liste séparée par des virgules d'URI des "
"serveurs LDAP auquel doit se connecter SSSD. Se reporter à la section de "
-"<quote>BASCULEMENT</quote> pour plus d'informations sur le basculement et la "
+"<quote>BASCULE</quote> pour plus d'informations sur le repli et la "
"redondance de serveurs. Si aucune de ces options n'est spécifiée, la "
"découverte d'un service est activé. Pour plus d'informations, se reporter à "
"la section de <quote>DÉCOUVERTE DE SERVICE</quote>."
@@ -3526,8 +3888,8 @@ msgid ""
msgstr ""
"Spécifie la liste d'URI séparée par des virgules des serveurs LDAP auquel "
"doit se connecter DSSD par ordre de préférence pour changer le mot de passe "
-"d'un utilisateur. Reportez-vous à la section de <quote>basculement</quote> "
-"pour plus d'informations sur le repli et la redondance de serveurs."
+"d'un utilisateur. Reportez-vous à la section de <quote>bascule</quote> pour "
+"plus d'informations sur le repli et la redondance de serveurs."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:95
@@ -3582,8 +3944,8 @@ msgstr ""
"http://www.ietf.org/rfc/rfc2254.txt"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "Exemples :"
@@ -3910,7 +4272,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -3919,7 +4281,7 @@ msgstr ""
"l'objet parent."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "Par défaut : modifyTimestamp"
@@ -4385,8 +4747,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "L'attribut LDAP correspondant au nom complet de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "Par défaut : cn"
@@ -4621,11 +4983,33 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_member (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_member (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+#, fuzzy
+#| msgid "Default: groupType in the AD provider, othewise not set"
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+"Par défaut : groupType dans le fournisseur AD, non configuré pour les autres"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4637,7 +5021,7 @@ msgstr ""
"schéma RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4647,26 +5031,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "Par défaut : 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4678,7 +5063,7 @@ msgstr ""
"complexes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
@@ -4688,7 +5073,7 @@ msgstr ""
"imbrications très complexes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4699,7 +5084,7 @@ msgstr ""
"essentiellement « auto-detect »."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4711,19 +5096,13 @@ msgstr ""
"com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx\">la "
"documentation de MSDN(TM)</ulink> pour plus de détails."
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr "Par défaut : False"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4735,7 +5114,7 @@ msgstr ""
"complexes)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
@@ -4745,76 +5124,76 @@ msgstr ""
"2008 et versions ultérieures."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr "La classe d'objet d'une entrée de netgroup dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
"Pour un fournisseur IPA, ipa_netgroup_object_class doit être utilisé à la "
"place."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr "Par défaut : nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "L'attribut LDAP correspondant au nom du netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
"Dans le fournisseur IPA, ipa_netgroup_name doit être utilisé à la place."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "L'attribut LDAP contenant les noms des membres du netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
"Dans le fournisseur IPA, ipa_netgroup_member doit être utilisé à la place."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr "Par défaut : memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -4822,42 +5201,42 @@ msgstr ""
"netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr "Cette option n'est pas disponible dans le fournisseur IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "Par défaut : nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr "La classe d'objet d'une entrée de service LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr "Par défaut : ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -4866,48 +5245,48 @@ msgstr ""
"alias."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "L'attribut LDAP qui contient le port géré par ce service."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr "Par défaut : ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr "L'attribut LDAP qui contient les protocoles compris par ce service."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr "Par défaut : ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4918,7 +5297,7 @@ msgstr ""
"activation du mode hors ligne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4929,12 +5308,12 @@ msgstr ""
"différents types de recherches."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4945,12 +5324,12 @@ msgstr ""
"résultats mis en cache (et activation du mode hors ligne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4967,12 +5346,12 @@ msgstr ""
"citerefentry> rendent la main en cas d'inactivité."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4981,12 +5360,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4999,17 +5378,17 @@ msgstr ""
"courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr "Par défaut : 900 (15 minutes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -5018,17 +5397,17 @@ msgstr ""
"Certains serveurs LDAP imposent une limite maximale par requête."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr "Par défaut : 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -5040,7 +5419,7 @@ msgstr ""
"correctement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -5050,7 +5429,7 @@ msgstr ""
"sera impossible de l'utiliser."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -5061,17 +5440,17 @@ msgstr ""
"cela peut entraîner l'échec de certaines demandes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr "ldap_disable_range_retrieval (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr "Désactiver la récupération de plage Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5087,12 +5466,12 @@ msgstr ""
"apparaissant ainsi sans aucun membre."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -5103,19 +5482,19 @@ msgstr ""
"de cette option sont définies par OpenLDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
"Par défaut : Utiliser la valeur par défaut du système (généralement spécifié "
"par ldap.conf)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5126,7 +5505,7 @@ msgstr ""
"membres manquants est inférieur, ils sont recherchés individuellement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -5134,7 +5513,7 @@ msgstr ""
"affectant la valeur 0."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -5147,7 +5526,7 @@ msgstr ""
"acceptés sont 389/RHDS, OpenLDAP et Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -5158,12 +5537,12 @@ msgstr ""
"déréférencement est désactivée indépendamment de ce paramètre."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -5172,7 +5551,7 @@ msgstr ""
"session TLS, si elle existe. Une des valeurs suivantes est utilisable :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -5181,7 +5560,7 @@ msgstr ""
"quelconque certificat du serveur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5192,7 +5571,7 @@ msgstr ""
"certificat est fourni, il est ignoré et la session continue normalement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5203,7 +5582,7 @@ msgstr ""
"certificat est fourni, la session se termine immédiatement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -5214,22 +5593,22 @@ msgstr ""
"immédiatement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "Par défaut : hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -5238,7 +5617,7 @@ msgstr ""
"certification que <command>sssd</command> reconnaîtra."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -5247,12 +5626,12 @@ msgstr ""
"<filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -5266,32 +5645,32 @@ msgstr ""
"corrects."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "Définit le fichier qui contient le certificat pour la clef du client."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr "Définit le fichier qui contient la clef du client."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5299,12 +5678,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -5314,12 +5693,12 @@ msgstr ""
"canal."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5331,19 +5710,19 @@ msgstr ""
"ldap_group_gid_number."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"Cette fonctionnalité ne prend actuellement en charge que la correspondance "
"par objectSID avec Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr "ldap_min_id, ldap_max_id (entiers)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -5363,17 +5742,17 @@ msgstr ""
"identifiants."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr "Par défaut : non indiqué (les deux options sont à 0)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -5382,12 +5761,12 @@ msgstr ""
"pris en charge."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -5401,17 +5780,17 @@ msgstr ""
"exemple host/myhost)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr "Par défaut : host/hostname@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -5422,17 +5801,17 @@ msgstr ""
"domaine, cette option est ignorée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr "Par défaut : la valeur de krb5_realm."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -5441,34 +5820,34 @@ msgstr ""
"le nom de l'hôte au cours d'une liaison SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "Défaut : false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Définit le fichier keytab à utiliser pour utiliser SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -5479,27 +5858,27 @@ msgstr ""
"SASL est utilisé et que le mécanisme choisi est GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Définit la durée de vie, en secondes, des TGT si GSSAPI est utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Par défaut : 86400 (24 heures)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5511,15 +5890,15 @@ msgid ""
msgstr ""
"Spécifie par ordre de préférence la liste séparée par des virgules des "
"adresses IP ou des noms de systèmes des serveurs Kerberos auquel SSSD doit "
-"se connecter. Pour plus d'informations sur la redondance de basculement et "
-"le serveur, consulter la section <quote>BASCULEMENT</quote>. Un numéro de "
-"port facultatif (précédé de deux-points) peut être ajouté aux adresses ou "
-"aux noms de systèmes. Si vide, la découverte de services est activée - pour "
-"plus d'informations, se reporter à la section de <quote>DÉCOUVERTE DE "
-"SERVICES</quote>."
+"se connecter. Pour plus d'informations sur la redondance de bascule et la "
+"redondance de serveur, consulter la section <quote>BASCULE</quote>. Un "
+"numéro de port facultatif (précédé de deux-points) peut être ajouté aux "
+"adresses ou aux noms de systèmes. Si vide, la découverte de services est "
+"activée - pour plus d'informations, se reporter à la section de "
+"<quote>DÉCOUVERTE DE SERVICES</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5530,7 +5909,7 @@ msgstr ""
"comme protocole, et passe sur _tcp si aucune entrée n'est trouvée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -5542,29 +5921,29 @@ msgstr ""
"l'utilisation de <quote>krb5_server</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Définit le DOMAINE de Kerberos (pour l'authentification SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -5574,12 +5953,12 @@ msgstr ""
"Kerberos > = 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr "krb5_use_kdcinfo (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5594,7 +5973,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5606,12 +5985,12 @@ msgstr ""
"localisation."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -5620,7 +5999,7 @@ msgstr ""
"valeurs suivantes sont acceptées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -5629,7 +6008,7 @@ msgstr ""
"peut pas désactiver la politique sur les mots de passe du côté serveur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5640,7 +6019,7 @@ msgstr ""
"manvolnum></citerefentry> pour évaluer si le mot de passe a expiré."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5652,7 +6031,7 @@ msgstr ""
"est changé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
@@ -5661,17 +6040,17 @@ msgstr ""
"côté serveur, elle prend le pas sur la politique indiquée avec cette option."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "Définit si le déréférencement automatique doit être activé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -5680,7 +6059,7 @@ msgstr ""
"compilé avec OpenLDAP version 2.4.13 ou supérieur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5694,29 +6073,29 @@ msgstr ""
"permettre d'améliorer de façon notable les performances."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Définit le nom de service à utiliser quand la découverte de services est "
"activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "Par défaut : ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -5725,19 +6104,19 @@ msgstr ""
"un changement de mot de passe quand la découverte de services est activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
"Par défaut : non défini, c'est-à-dire que le service de découverte est "
"désactivé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
@@ -5747,12 +6126,12 @@ msgstr ""
"de passe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5768,12 +6147,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
-msgstr "Exemple:"
+msgstr "Exemple :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5785,7 +6164,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
@@ -5794,7 +6173,7 @@ msgstr ""
"dont l'attribut employeeType est « admin »."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5806,17 +6185,17 @@ msgstr ""
"Si tel était le cas, l'accès sera conservé en mode hors-ligne et vice-versa."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr "Par défaut : vide"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5825,7 +6204,7 @@ msgstr ""
"être activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5837,12 +6216,12 @@ msgstr ""
"correct."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "Les valeurs suivantes sont autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5851,7 +6230,7 @@ msgstr ""
"pour déterminer si le compte a expiré."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5864,7 +6243,7 @@ msgstr ""
"d'expiration du compte est aussi vérifiée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5875,7 +6254,7 @@ msgstr ""
"l'accès est autorisé ou non."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5888,7 +6267,7 @@ msgstr ""
"est autorisé. Si les deux attributs sont manquants, l'accès est autorisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5899,24 +6278,24 @@ msgstr ""
"ldap_account_expire_policy de fonctionner."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Liste séparées par des virgules des options de contrôles d'accès. Les "
"valeurs autorisées sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5926,14 +6305,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5946,12 +6325,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5961,7 +6340,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5971,20 +6350,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5993,18 +6372,18 @@ msgstr ""
"authorizedService pour déterminer l'accès"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Par défaut : filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -6013,12 +6392,12 @@ msgstr ""
"de configuration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr "ldap_pwdlockout_dn (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -6027,22 +6406,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
-msgstr ""
+msgstr "Exemple : cn=ppolicy,ou=policies,dc=example,dc=com"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -6051,12 +6430,12 @@ msgstr ""
"recherche. Les options suivantes sont autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -6066,7 +6445,7 @@ msgstr ""
"recherche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -6075,7 +6454,7 @@ msgstr ""
"la localisation de l'objet de base de la recherche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -6084,7 +6463,7 @@ msgstr ""
"recherche et et la localisation de l'objet de base de la recherche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -6093,12 +6472,12 @@ msgstr ""
"bibliothèques clientes LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
@@ -6107,7 +6486,7 @@ msgstr ""
"LDAP pour les serveurs qui utilisent le schéma RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -6125,7 +6504,7 @@ msgstr ""
"initgoups()."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -6136,26 +6515,26 @@ msgstr ""
"ajoutent les utilisateurs locaux aux groupes LDAP."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -6175,12 +6554,12 @@ msgstr ""
"détails. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr "OPTIONS DE SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -6188,52 +6567,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr "La classe d'objet d'une entrée de règle de sudo dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr "Par défaut : sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "L'attribut LDAP qui correspond au nom de la règle de sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr "L'attribut LDAP qui correspond au nom de la commande."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr "Par défaut : sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -6242,17 +6621,17 @@ msgstr ""
"réseau IP de l'hôte ou netgroup de l'hôte)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr "Par défaut : sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -6261,32 +6640,32 @@ msgstr ""
"groupe ou netgroup de l'utilisateur)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr "Par défaut : sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "L'attribut LDAP qui correspond aux options sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr "Par défaut : sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -6295,17 +6674,17 @@ msgstr ""
"nom d'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr "Par défaut : sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -6314,17 +6693,17 @@ msgstr ""
"les commandes seront être exécutées."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr "Par défaut : sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -6333,17 +6712,17 @@ msgstr ""
"règle sudo est valide."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr "Par défaut : sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -6352,32 +6731,32 @@ msgstr ""
"règle sudo ne sera plus valide."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr "Par défaut : sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "L'attribut LDAP qui correspond à l'index de tri de la règle."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr "Par défaut : sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
@@ -6387,7 +6766,7 @@ msgstr ""
"règles qui sont stockées sur le serveur)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -6396,17 +6775,17 @@ msgstr ""
"emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr "Par défaut : 21600 (6 heures)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -6418,7 +6797,7 @@ msgstr ""
"cache)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
@@ -6427,12 +6806,12 @@ msgstr ""
"modifyTimestamp est utilisé à la place."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -6442,12 +6821,12 @@ msgstr ""
"noms de systèmes)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -6456,7 +6835,7 @@ msgstr ""
"doivent être utilisés pour filtrer les règles."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
@@ -6465,8 +6844,8 @@ msgstr ""
"nom de système et le nom de domaine pleinement qualifié."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -6475,17 +6854,17 @@ msgstr ""
"emphasis>, alors cette option n'a aucun effet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr "Par défaut : non spécifié"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -6494,7 +6873,7 @@ msgstr ""
"IPv6 qui doivent être utilisés pour filtrer les règles."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -6503,12 +6882,12 @@ msgstr ""
"automatiquement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "ldap_sudo_include_netgroups (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
@@ -6517,12 +6896,12 @@ msgstr ""
"netgroup dans l'attribut sudoHost."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
@@ -6531,7 +6910,7 @@ msgstr ""
"un joker dans l'attribut sudoHost."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6544,72 +6923,72 @@ msgstr ""
"manvolnum></citerefentry>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr "OPTIONS AUTOFS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr "ldap_autofs_map_master_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr "Le nom de la table de montage automatique maîtresse dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr "Par défaut : auto.master"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
"La classe d'objet d'une entrée de table de montage automatique dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr "Par défaut : automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr "Le nom d'une entrée de table de montage automatique dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr "Par défaut : memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
#, fuzzy
#| msgid ""
#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
@@ -6622,19 +7001,19 @@ msgstr ""
"généralement à un point de montage."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: automountMap"
msgid "Default: automount"
msgstr "Par défaut : automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -6643,24 +7022,24 @@ msgstr ""
"généralement à un point de montage."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr "Par défaut : memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr "Par défaut : automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6673,32 +7052,32 @@ msgstr ""
"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "OPTIONS AVANCÉES"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
-msgstr ""
+msgstr "<note>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -6707,22 +7086,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
-msgstr ""
+msgstr "</note>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -6731,7 +7110,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6742,7 +7121,7 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6753,28 +7132,35 @@ msgid ""
"ldap_tls_reqcert = demand\n"
"cache_credentials = true\n"
msgstr ""
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"auth_provider = ldap\n"
+"ldap_uri = ldap://ldap.mydomain.org\n"
+"ldap_search_base = dc=mydomain,dc=org\n"
+"ldap_tls_reqcert = demand\n"
+"cache_credentials = true\n"
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6788,15 +7174,25 @@ msgid ""
"ldap_tls_reqcert = demand\n"
"cache_credentials = true\n"
msgstr ""
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"auth_provider = ldap\n"
+"access_provider = ldap\n"
+"ldap_access_order = lockout\n"
+"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n"
+"ldap_uri = ldap://ldap.mydomain.org\n"
+"ldap_search_base = dc=mydomain,dc=org\n"
+"ldap_tls_reqcert = demand\n"
+"cache_credentials = true\n"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6837,11 +7233,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -6852,22 +7249,22 @@ msgstr ""
"<command>syslog(3)</command> avec l'argument LOG_AUTHPRIV."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr "Supprimer les messages de journal pour les utilisateurs inconnus."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -6876,12 +7273,12 @@ msgstr ""
"inséré en mémoire pour les autres modules PAM utilisés."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -6893,12 +7290,12 @@ msgstr ""
"l'utilisateur verra son accès refusé."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -6907,12 +7304,12 @@ msgstr ""
"passe par celui fourni par un module de mot de passe déjà chargé en mémoire."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -6921,7 +7318,7 @@ msgstr ""
"l'authentification échoue. Par défaut : 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6933,36 +7330,36 @@ msgstr ""
"<option>PasswordAuthentication</option>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr "<option>ignore_unknown_user</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr "<option>ignore_authinfo_unavail</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -6970,7 +7367,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -6979,13 +7376,46 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr "TYPES DE MODULES FOURNIS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -6994,12 +7424,12 @@ msgstr ""
"<option>password</option> et <option>session</option>) sont fournis."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "FICHIERS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -7011,7 +7441,7 @@ msgstr ""
"exemple, contenir les instructions permettant la réinitialisation."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -7031,7 +7461,7 @@ msgstr ""
"utilisateurs doivent avoir les autorisations en lecture seule."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -7244,7 +7674,7 @@ msgstr ""
"pas pris en compte."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7420,11 +7850,10 @@ msgid ""
msgstr ""
"La liste par ordre de préférence séparée par des virgules des adresses IP ou "
"des noms de systèmes des serveurs IPA auxquels SSSD doit se connecter . Pour "
-"plus d'informations sur la redondance de serveurs et le basculement, "
-"consulter la section de <quote>BASCULEMENT</quote>. Ceci est facultatif si "
-"la découverte automatique est activée. Pour plus d'informations sur la "
-"découverte de services, se reporter à la section de <quote>DÉCOUVERTE DE "
-"SERVICE</quote>."
+"plus d'informations sur la redondance de serveurs et la bascule, consulter "
+"la section <quote>BASCULE</quote>. Ceci est facultatif si la découverte "
+"automatique est activée. Pour plus d'informations sur la découverte de "
+"services, se reporter à la section de <quote>DÉCOUVERTE DE SERVICE</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:105
@@ -7442,18 +7871,25 @@ msgstr ""
"identifier l'hôte."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:119
+#, fuzzy
+#| msgid ""
+#| "Optional. This option tells SSSD to automatically update the DNS server "
+#| "built into FreeIPA v2 with the IP address of this client. The update is "
+#| "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
+#| "for the updates, if it is not otherwise specified by using the "
+#| "<quote>dyndns_iface</quote> option."
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
"Facultatif. Cette option indique à SSSD de mettre à jour automatiquement le "
"serveur DNS intégré à IPA v2 avec l'adresse IP de ce client. La mise à jour "
@@ -7462,7 +7898,7 @@ msgstr ""
"l'utilisation de l'option <quote>dyndns_iface</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -7484,12 +7920,12 @@ msgstr ""
"configuration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -7516,12 +7952,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Par défaut : 1200 (secondes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
#, fuzzy
#| msgid ""
#| "Optional. Applicable only when dyndns_update is true. Choose the "
@@ -7558,7 +7994,7 @@ msgid ""
msgstr "Par défaut : utilise l'adresse IP de la connexion IPA LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -7568,7 +8004,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr "Active les sites DNS - découverte de service basée sur l'emplacement"
@@ -7593,12 +8029,12 @@ msgstr ""
"seront utilisés comme serveurs de repli"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -7610,12 +8046,12 @@ msgstr ""
"configurée à true."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -7640,12 +8076,12 @@ msgid "Default: False (disabled)"
msgstr "Par défaut : False (désactivé)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -7654,40 +8090,40 @@ msgstr ""
"communication avec le serveur DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr "Par défaut : False (laisser nsupdate choisir le protocole)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
#| msgid "dyndns_iface (string)"
msgid "dyndns_server (string)"
msgstr "dyndns_iface (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
#, fuzzy
#| msgid "Default: False (let nsupdate choose the protocol)"
msgid "Default: None (let nsupdate choose the server)"
@@ -7811,7 +8247,7 @@ msgid ""
msgstr "Vérifie avec l'aide de krb5_keytab que le TGT obtenu n'est pas usurpé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7874,6 +8310,9 @@ msgid ""
"continue the authentication without it. This is equivalent to not setting "
"this option at all."
msgstr ""
+"<emphasis>try</emphasis> : eassyer d'utiliser FAST. Si le serveur ne prend "
+"pas en charge FAST, continuer l'authentification sans. Ceci équivaut à ne "
+"pas définir cette option."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433
@@ -7881,8 +8320,8 @@ msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
-"<emphasis>imposer</emphasis> d'utiliser FAST. L'authentification échoue si "
-"le serveur ne requiert pas FAST."
+"<emphasis>demander</emphasis>  : imposer d'utiliser FAST. L'authentification "
+"échoue si le serveur ne requiert pas FAST."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:468
@@ -7901,26 +8340,26 @@ msgstr ""
"MIT Kerberos avec cette option est une erreur de configuration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr "krb5_confd_path (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -7942,7 +8381,7 @@ msgstr ""
"beaucoup de requêtes de contrôle d'accès sur une courte période."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr "Par défaut : 5 (secondes)"
@@ -8275,13 +8714,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -8296,15 +8736,27 @@ msgstr ""
"manvolnum></citerefentry> avec les quelques exceptions décrites ci-dessous."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "IPA provider can also be used as an access and chpass provider. As an "
+#| "access provider it uses HBAC (host-based access control) rules. Please "
+#| "refer to freeipa.org for more information about HBAC. No configuration of "
+#| "access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
+"Toutefois, il n'est ni nécessaire ni recommandé de définir ces options. Le "
+"fournisseur IPA peut également servir comme fournisseur d'accès et chpass. "
+"En tant que fournisseur d'accès, il utilise des règles HBAC (host-based "
+"access control). Veuillez consulter freeipa.org pour plus d'informations sur "
+"HBAC. Aucune configuration de fournisseur d'accès n'est requise côté client."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -8314,7 +8766,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -8327,7 +8779,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -8335,12 +8787,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr "ad_domain (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -8349,7 +8801,7 @@ msgstr ""
"n'est pas fourni, le nom de domaine de la configuration est utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -8358,7 +8810,7 @@ msgstr ""
"domaine Active Directory, spécifié en minuscules."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
@@ -8367,33 +8819,52 @@ msgstr ""
"autodétecté par SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
+#, fuzzy
+#| msgid ""
+#| "The comma-separated list of hostnames of the AD servers to which SSSD "
+#| "should connect in order of preference. For more information on failover "
+#| "and server redundancy, see the <quote>FAILOVER</quote> section. This is "
+#| "optional if autodiscovery is enabled. For more information on service "
+#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
"La liste par ordre de préférence séparée par des virgules des noms de "
"systèmes des serveurs AD auquel SSSD doit se connecter. Pour plus "
-"d'informations sur la redondance de serveurs et le basculement, consulter la "
-"section <quote>BASCULEMENT</quote>. Ceci est optionnel si la découverte "
+"d'informations sur la redondance de serveurs et la bascule, consulter la "
+"section <quote>BASCULE</quote>. Ceci est facultatif si la découverte "
"automatique est activée. Pour plus d'informations sur la découverte de "
"services, se reporter à la section de <quote>DÉCOUVERTE DE SERVICE</quote>."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr "ad_hostname (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -8404,7 +8875,7 @@ msgstr ""
"identifier ce système."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -8414,12 +8885,12 @@ msgstr ""
"publié un fichier keytab."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr "ad_enable_dns_sites (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -8437,12 +8908,12 @@ msgstr ""
"utilisée pendant la découverte de site."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr "ad_access_filter (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -8451,7 +8922,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -8460,7 +8931,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -8469,14 +8940,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -8485,7 +8956,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -8509,29 +8980,29 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr "Par défaut : non défini"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr "ad_site (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr "ad_enable_gc (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -8540,7 +9011,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -8549,12 +9020,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr "ad_gpo_access_control (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -8564,14 +9035,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -8584,23 +9055,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr "Il existe trois valeurs prises en charge pour cette option :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -8608,22 +9079,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr "Par défaut : permissive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr "ad_gpo_cache_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -8631,12 +9102,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr "ad_gpo_map_interactive (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -8644,14 +9115,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -8659,7 +9130,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8671,53 +9142,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr "ad_gpo_map_remote_interactive (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -8725,7 +9221,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -8733,7 +9229,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -8741,7 +9237,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8753,17 +9249,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr "ad_gpo_map_network (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -8771,7 +9272,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -8779,7 +9280,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -8787,7 +9288,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8799,22 +9300,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr "ad_gpo_map_batch (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -8822,14 +9323,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -8837,7 +9338,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8849,17 +9350,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr "ad_gpo_map_service (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -8867,14 +9368,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -8882,7 +9383,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8893,19 +9394,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr "ad_gpo_map_permit (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -8913,7 +9414,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8925,34 +9426,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr "ad_gpo_map_deny (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -8960,12 +9466,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr "ad_gpo_default_right (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -8978,52 +9484,96 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Par défaut : 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+#, fuzzy
+#| msgid "pam_account_expired_message (string)"
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr "pam_account_expired_message (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Par défaut : 86400 (24 heures)"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -9041,12 +9591,12 @@ msgstr ""
"<quote>dyndns_iface</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr "Par défaut : 3600 (secondes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
#, fuzzy
#| msgid "Default: Use the IP address of the AD LDAP connection"
msgid ""
@@ -9055,17 +9605,17 @@ msgid ""
msgstr "Par défaut : utilise l'adresse IP de la connexion LDAP AD"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Par défaut : True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -9075,7 +9625,7 @@ msgstr ""
"principals d'entreprise."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9086,7 +9636,7 @@ msgstr ""
"exemples montrent seulement les options spécifiques au fournisseur AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -9110,7 +9660,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -9122,7 +9672,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -9133,7 +9683,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -9142,6 +9692,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -9718,7 +10276,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr "Le mot de passe chiffré sera lu sur l'entrée standard."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9793,17 +10351,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -9811,52 +10374,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAINE</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+#, fuzzy
+#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9864,29 +10465,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -9894,43 +10495,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-#, fuzzy
-#| msgid "print properties of a group"
-msgid "Override attributes of a group."
-msgstr "affiche les propriétés d'un groupe"
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAINE</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9938,43 +10572,43 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "SUDO OPTIONS"
msgid "COMMON OPTIONS"
msgstr "OPTIONS DE SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
#, fuzzy
#| msgid "This option is not available in IPA provider."
msgid "Those options are available with all commands."
msgstr "Cette option n'est pas disponible dans le fournisseur IPA."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
@@ -10279,11 +10913,11 @@ msgid ""
msgstr ""
"Spécifie la liste séparée par des virgules des adresses IP ou des noms de "
"systèmes des serveurs Kerberos auquel SSSD doit se connecter, par ordre de "
-"préférence. Pour plus d'informations sur la redondance de basculement et le "
-"serveur, consultez la section de <quote>BASCULEMENT</quote>. Un numéro de "
-"port facultatif (précédé de deux-points) peut être ajouté aux adresses ou "
-"aux noms de systèmes. Si vide, le service de découverte est activé - pour "
-"plus d'informations, se reporter à la section <quote>DÉCOUVERTE DE SERVICE</"
+"préférence. Pour plus d'informations sur la redondance par bascule et le "
+"serveur, consultez la section de <quote>BASCULE</quote>. Un numéro de port "
+"facultatif (précédé de deux-points) peut être ajouté aux adresses ou aux "
+"noms de systèmes. Si vide, le service de découverte est activé - pour plus "
+"d'informations, se reporter à la section <quote>DÉCOUVERTE DE SERVICE</"
"quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -10320,9 +10954,9 @@ msgid ""
"servers to try, the backend is not switched to operate offline if "
"authentication against the KDC is still possible."
msgstr ""
-"Pour plus d'information sur le basculement et la redondance de serveurs, "
-"voir la section <quote>BASCULEMENT</quote>. Noter que même si il n'y a plus "
-"de serveurs kpasswd à essayer, le moteur ne passe pas en mode hors-ligne si "
+"Pour plus d'information sur la bascule et la redondance de serveurs, voir la "
+"section <quote>BASCULE</quote>. Noter que même si il n'y a plus de serveurs "
+"kpasswd à essayer, le moteur ne passe pas en mode hors-ligne si "
"l'authentification KDC est toujours possible."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -10680,8 +11314,8 @@ msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
-"ne <emphasis>jamais</emphasis> utiliser FAST. Ceci équivaut à ne pas définir "
-"cette option."
+"<emphasis>never</emphasis> : ne jamais utiliser FAST. Ceci équivaut à ne pas "
+"définir cette option."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:428
@@ -10689,8 +11323,8 @@ msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
-"<emphasis>essayer</emphasis> d'utiliser FAST. Si le serveur ne prend pas en "
-"charge FAST, continuer l'authentification sans."
+"<emphasis>try</emphasis> : eassyer d'utiliser FAST. Si le serveur ne prend "
+"pas en charge FAST, continuer l'authentification sans."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:438
@@ -10749,6 +11383,8 @@ msgid ""
"krb5_realm = REALM\n"
"krb5_map_user = joe:juser,dick:richard\n"
msgstr ""
+"krb5_realm = REALM\n"
+"krb5_map_user = joe:juser,dick:richard\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:540
@@ -10798,6 +11434,10 @@ msgid ""
"krb5_server = 192.168.1.1\n"
"krb5_realm = EXAMPLE.COM\n"
msgstr ""
+"[domain/FOO]\n"
+"auth_provider = krb5\n"
+"krb5_server = 192.168.1.1\n"
+"krb5_realm = EXAMPLE.COM\n"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
@@ -11338,6 +11978,46 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
+#| "replaceable>"
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+#, fuzzy
+#| msgid "Invalidate all cached entries except for sudo rules."
+msgid "Invalidate particular sudo rule."
+msgstr "Invalider toutes les entrées en cache hors règles sudo."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--no-remove</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-R</option>,<option>--no-remove</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+"L'annulation de tous les enregistrements d'utilisateur. Cette option prend "
+"le pas sur l'invalidation d'un utilisateur spécifique, si elle a été "
+"également configuré."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -11346,7 +12026,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr "Restreindre le processus d'invalidation à un domaine particulier."
@@ -11716,7 +12396,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:37
msgid "CONFIGURATION FILE"
-msgstr ""
+msgstr "FICHIER DE CONFIGURATION"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:39
@@ -11729,7 +12409,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:49
msgid "SSS CONFIGURATION EXTENSION"
-msgstr ""
+msgstr "EXTENSION DE CONFIGURATION SSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss_rpcidmapd.5.xml:51
@@ -11746,7 +12426,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss_rpcidmapd.5.xml:59
msgid "[sss] config section"
-msgstr ""
+msgstr "Section de configuration [sss]"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss_rpcidmapd.5.xml:61
@@ -11774,7 +12454,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:85
msgid "SSSD INTEGRATION"
-msgstr ""
+msgstr "INTÉGRATION SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:87
@@ -11808,6 +12488,18 @@ msgid ""
"[Translation]\n"
"Method = sss\n"
msgstr ""
+"[General]\n"
+"Verbosity = 2\n"
+"# domain must be synced between NFSv4 server and clients\n"
+"# Solaris/Illumos/AIX use \"localdomain\" as default!\n"
+"Domain = default\n"
+"\n"
+"[Mapping]\n"
+"Nobody-User = nfsnobody\n"
+"Nobody-Group = nfsnobody\n"
+"\n"
+"[Translation]\n"
+"Method = sss\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:100
@@ -11828,6 +12520,9 @@ msgid ""
"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>"
msgstr ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
@@ -11872,13 +12567,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:41
+#, fuzzy
+#| msgid ""
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use "
+#| "<command>sss_ssh_authorizedkeys</command> for public key user "
+#| "authentication if it is compiled with support for either "
+#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
+#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+#| "manvolnum></citerefentry> options."
msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> peut être configuré pour utiliser "
@@ -11889,15 +12593,17 @@ msgstr ""
"manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
" AuthorizedKeysCommandUser nobody\n"
msgstr ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -11907,31 +12613,8 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-"Si <quote>PubkeyAgent</quote> est pris en charge, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> peut être configuré pour l'utiliser en utilisant la directive "
-"suivante de la configuration de <citerefentry><refentrytitle>sshd</"
-"refentrytitle> <manvolnum>8</manvolnum></citerefentry> : <placeholder type="
-"\"programlisting\" id=\"0\"/>"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -11939,12 +12622,12 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr "CODE RETOUR"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -12145,7 +12828,7 @@ msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>"
#. type: Content of: <refsect1><title>
#: include/failover.xml:2
msgid "FAILOVER"
-msgstr "BASCULEMENT"
+msgstr "BASCULE"
#. type: Content of: <refsect1><para>
#: include/failover.xml:4
@@ -12153,13 +12836,13 @@ msgid ""
"The failover feature allows back ends to automatically switch to a different "
"server if the current server fails."
msgstr ""
-"La fonctionnalité de basculement autorise le moteur à basculer "
-"automatiquement sur un serveur différent si le serveur actuel est défaillant."
+"La fonctionnalité de bascule autorise le moteur à basculer automatiquement "
+"sur un serveur différent si le serveur actuel est défaillant."
#. type: Content of: <refsect1><refsect2><title>
#: include/failover.xml:8
msgid "Failover Syntax"
-msgstr "Syntaxe de basculement"
+msgstr "Syntaxe de bascule"
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:10
@@ -12184,7 +12867,7 @@ msgid ""
"periodically try to reconnect to one of the primary servers. If it succeeds, "
"it will replace the current active (backup) server."
msgstr ""
-"Pour chaque option de configuration alors que le basculement est activé, il "
+"Pour chaque option de configuration alors que la bascule est activée, il "
"existe deux variantes : <emphasis>primary</emphasis> et <emphasis>backup</"
"emphasis>. L'idée est que les serveurs dans la liste principale sont "
"préférés et les serveurs de secours sont interrogés uniquement si aucun "
@@ -12196,7 +12879,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/failover.xml:27
msgid "The Failover Mechanism"
-msgstr "Mécanisme de basculement"
+msgstr "Mécanisme de bascule"
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:29
@@ -12211,7 +12894,7 @@ msgid ""
"switches over to the next service. The machine is still considered online "
"and might still be tried for another service."
msgstr ""
-"Le mécanisme de basculement fait la distinction entre une machine et d'un "
+"Le mécanisme de bascule fait la distinction entre une machine et d'un "
"service. Le moteur tente d'abord de résoudre le nom d'hôte d'un ordinateur "
"donné ; en cas d'échec de cette tentative de résolution, la machine est "
"considérée comme hors ligne. Aucune autre tentative n'est faite pour se "
@@ -12460,7 +13143,7 @@ msgstr ""
"<quote>ldap_idmap_range_min</quote>"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr "Par défaut : 200000"
@@ -12528,11 +13211,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -12540,12 +13224,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (chaîne)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -12556,22 +13240,22 @@ msgstr ""
"passer par l'algorithme murmurhash décrit ci-dessus."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (chaîne)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr "Spécifier le nom de domaine par défaut."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (boolean)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -12581,7 +13265,7 @@ msgstr ""
"quote> de winbind."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -12591,7 +13275,7 @@ msgstr ""
"domaine supplémentaire."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -12606,13 +13290,36 @@ msgstr ""
"<quote>ldap_idmap_default_domain_sid</quote> pour garantir qu'au moins un "
"domaine est systématiquement alloué à la tranche zéro."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_idmap_range_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_idmap_range_size (integer)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr "SID bien connus"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -12621,51 +13328,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr "Null Authority"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr "World Authority"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr "Local Authority"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr "Creator Authority"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr "NT Authority"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr "Built-in"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
@@ -13166,3 +13873,22 @@ msgstr "Par défaut : /home"
#~ msgid "Default: ou"
#~ msgstr "Par défaut : ou"
+
+#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+
+#~ msgid ""
+#~ "If <quote>PubkeyAgent</quote> is supported, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> can be configured to use it by using the "
+#~ "following directive for <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
+#~ msgstr ""
+#~ "Si <quote>PubkeyAgent</quote> est pris en charge, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> peut être configuré pour l'utiliser en "
+#~ "utilisant la directive suivante de la configuration de "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> : <placeholder type=\"programlisting\" id=\"0\"/"
+#~ ">"
diff --git a/src/man/po/ja.po b/src/man/po/ja.po
index f004980b5..cdfb8984b 100644
--- a/src/man/po/ja.po
+++ b/src/man/po/ja.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
@@ -20,7 +20,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -66,7 +66,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -87,11 +87,11 @@ msgstr ""
"するようグループを変更します。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "オプション"
@@ -241,95 +241,112 @@ msgstr "debug_level (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "初期値: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "初期値: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "初期値: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "特別セクション"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "[sssd] セクション"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "セクションのパラメーター"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -338,18 +355,18 @@ msgstr ""
"ジョン 2 を使用します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "services"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr "sssd 自身が開始するときに開始されるサービスのカンマ区切り一覧です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -358,12 +375,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -372,17 +389,17 @@ msgstr ""
"める前に試行する回数です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "初期値: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -392,19 +409,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -412,12 +429,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -428,39 +445,39 @@ msgstr ""
"manvolnum> </citerefentry> 互換形式。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr "%1$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr "ユーザー名"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr "%2$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr "SSSD 設定ファイルにおいて指定されるドメイン名。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr "%3$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
@@ -469,19 +486,19 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -494,7 +511,7 @@ msgstr ""
"フォールバックします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -505,7 +522,7 @@ msgstr ""
"です"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -514,7 +531,7 @@ msgstr ""
"トフォームにおいては偽です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -523,12 +540,12 @@ msgstr ""
"ません。これらのプラットフォームにおいては、ポーリングが常に使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -537,7 +554,7 @@ msgstr ""
"クトリーです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -546,7 +563,7 @@ msgstr ""
"よう SSSD に指示する、特別な値 __LIBKRB5_DEFAULTS__ を受け付けます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -555,29 +572,29 @@ msgstr ""
"ければ __LIBKRB5_DEFAULTS__ です)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -587,7 +604,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -597,20 +614,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr "初期値: 設定されません"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -620,7 +637,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -629,12 +646,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "certificate_verification (string)"
+msgstr "re_expression (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+#, fuzzy
+#| msgid "Default: not set, i.e. service discovery is disabled"
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -650,12 +756,12 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "サービスセクション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -667,22 +773,22 @@ msgstr ""
"ば、NSS サービスは <quote>[nss]</quote> セクションです"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "サービス設定の全体オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "これらのオプションはすべてのサービスを設定するために使用できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -692,17 +798,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -713,19 +819,19 @@ msgstr ""
"避けるために制限されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "初期値: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr "force_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -735,12 +841,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -748,89 +854,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "初期値: none"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr "NSS 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -838,12 +892,12 @@ msgstr ""
"きます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -852,17 +906,17 @@ msgstr ""
"要求)。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "初期値: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -873,7 +927,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -888,7 +942,7 @@ msgstr ""
"とをブロックする必要がありません。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -901,17 +955,17 @@ msgstr ""
"(0 はこの機能を無効にします)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "初期値: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -922,22 +976,55 @@ msgstr ""
"せ)をキャッシュする秒数を指定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "初期値: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "autofs_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "autofs_negative_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+#, fuzzy
+#| msgid ""
+#| "Specifies for how many seconds nss_sss should cache negative cache hits "
+#| "(that is, queries for invalid database entries, like nonexistent ones) "
+#| "before asking the back end again."
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+"nss_sss が再びバックエンドに問い合わせる前にネガティブキャッシュヒット(つま"
+"り、存在しないドメインのように、無効なデータベースエントリーに対する問い合わ"
+"せ)をキャッシュする秒数を指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "初期値: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+#, fuzzy
+#| msgid ""
+#| "Exclude certain users from being fetched from the sss NSS database. This "
+#| "is particularly useful for system accounts. This option can also be set "
+#| "per-domain or include fully-qualified names to filter only users from the "
+#| "particular domain."
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
"sss NSS データベースから取り出されたものから特定のユーザーを除外します。これ"
"はとくにシステムアカウントに対して有効です。このオプションはドメインごとに設"
@@ -945,17 +1032,26 @@ msgstr ""
"飾名を含めることができます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "初期値: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -963,12 +1059,12 @@ msgstr ""
"ションを偽に設定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -977,7 +1073,7 @@ msgstr ""
"ホームディレクトリーの標準テンプレートを設定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -985,7 +1081,7 @@ msgstr ""
"同じです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -995,23 +1091,23 @@ msgstr ""
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr "override_shell (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -1019,17 +1115,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr "allowed_shells (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -1037,13 +1133,13 @@ msgstr ""
"す:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -1052,7 +1148,7 @@ msgstr ""
"ば、shell_fallback パラメーターの値を使用します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -1061,12 +1157,12 @@ msgstr ""
"ば、nologin シェルが使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1074,12 +1170,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr "シェルの空文字列は libc にそのまま渡されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -1089,27 +1185,27 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr "shell_fallback (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -1117,65 +1213,72 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "初期値: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "初期値: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1186,24 +1289,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr "PAM 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1212,12 +1315,12 @@ msgstr ""
"ために使用できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1226,17 +1329,17 @@ msgstr ""
"ラインログインの最終成功からの日数)です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "初期値: 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1244,12 +1347,12 @@ msgstr ""
"認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1258,7 +1361,7 @@ msgstr ""
"渡される分単位の時間です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1269,17 +1372,17 @@ msgstr ""
"効にできます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "初期値: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1288,42 +1391,42 @@ msgstr ""
"きいほどメッセージが表示されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr "現在 sssd は以下の値をサポートします:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "初期値: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1333,7 +1436,7 @@ msgstr ""
"されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1346,17 +1449,17 @@ msgstr ""
"アプリケーションごとに)制御します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr "パスワードの期限が切れる前に N 日間警告を表示します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1366,119 +1469,191 @@ msgstr ""
"ことに注意してください。この情報がなければ、sssd は警告を表示します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "初期値: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "初期値: none"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+#, fuzzy
+#| msgid "ldap_ns_account_lock (string)"
+msgid "pam_account_locked_message (string)"
+msgstr "ldap_ns_account_lock (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1083
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerate (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr "初期値: 偽"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "ipa_hbac_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "pam_id_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr "SUDO 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1489,12 +1664,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr "sudo_timed (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1503,22 +1678,22 @@ msgstr ""
"を評価するかしないかです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr "Autofs 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr "これらのオプションが autofs サービスを設定するために使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1529,72 +1704,72 @@ msgstr ""
"ヒットする秒数を指定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr "SSH 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr "これらのオプションは SSH サービスを設定するために使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr "初期値: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "初期値: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1606,7 +1781,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1617,24 +1792,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1642,12 +1817,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1655,18 +1830,32 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "ドメインセクション"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1675,7 +1864,7 @@ msgstr ""
"トリーを含む場合、それは無視されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1687,24 +1876,24 @@ msgstr ""
"バーに対して、範囲内にあるものは予期されたものとして報告されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "初期値: min_id は 1, max_id は 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerate (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1713,22 +1902,22 @@ msgstr ""
"必要があります:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = ユーザーとグループが列挙されます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = このドメインに対して列挙しません"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "初期値: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1740,7 +1929,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1749,7 +1938,7 @@ msgstr ""
"れが完了するまで結果を返しません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1762,39 +1951,39 @@ msgstr ""
"てください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1803,12 +1992,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1817,7 +2006,7 @@ msgstr ""
"数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1828,17 +2017,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "初期値: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -1847,19 +2036,19 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr "初期値: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -1868,12 +2057,12 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -1882,12 +2071,12 @@ msgstr ""
"有効であると考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -1896,94 +2085,94 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr "refresh_expired_interval (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr "初期値: 0 (無効)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr "cache_credentials (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかどうか"
"を決めます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1991,24 +2180,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -2020,17 +2209,17 @@ msgstr ""
"offline_credentials_expiration と同等以上でなければいけません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "初期値: 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2039,17 +2228,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "初期値: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -2057,17 +2246,17 @@ msgstr ""
"ダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "<quote>proxy</quote>: レガシーな NSS プロバイダーのサポート"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr "<quote>local</quote>: ローカルユーザー向け SSSD 内部プロバイダー"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2078,8 +2267,8 @@ msgstr ""
"manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2092,8 +2281,8 @@ msgstr ""
"い。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2104,12 +2293,12 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -2118,7 +2307,7 @@ msgstr ""
"名形式により整形されたように) を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2131,7 +2320,7 @@ msgstr ""
"んが、<command>getent passwd test@LOCAL</command> は見つけられます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2139,22 +2328,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2166,7 +2355,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2174,12 +2363,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -2188,7 +2377,7 @@ msgstr ""
"ダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2199,7 +2388,7 @@ msgstr ""
"manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2210,19 +2399,19 @@ msgstr ""
"manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
"<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> は明示的に認証を無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2231,12 +2420,12 @@ msgstr ""
"ならば、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2247,7 +2436,7 @@ msgstr ""
"えます)。内部の特別プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -2256,12 +2445,12 @@ msgstr ""
"ロバイダーのみアクセスが許可されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> は常にアクセスを拒否します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2274,17 +2463,44 @@ msgstr ""
"citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+#, fuzzy
+#| msgid ""
+#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring Kerberos."
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"<quote>krb5</quote> は Kerberos 認証向けです。Kerberos の設定に関する詳細は "
+"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+#, fuzzy
+#| msgid ""
+#| "<quote>proxy</quote> for relaying password changes to some other PAM "
+#| "target."
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+"<quote>proxy</quote> はいくつかの他の PAM ターゲットにパスワードの変更を中継"
+"します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "初期値: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr "chpass_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2293,7 +2509,7 @@ msgstr ""
"パスワード変更プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2304,7 +2520,7 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2315,7 +2531,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -2323,12 +2539,12 @@ msgstr ""
"します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2337,19 +2553,19 @@ msgstr ""
"うことができるならば、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr "sudo_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー"
"は次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2360,33 +2576,33 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote> は SUDO を明示的に無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"初期値: <quote>id_provider</quote> の値が設定されていると使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2397,12 +2613,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr "selinux_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2410,7 +2626,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2418,31 +2634,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2450,7 +2666,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2459,17 +2675,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr "<quote>none</quote> はサブドメインの取り出しを明示的に無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr "autofs_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2477,7 +2693,7 @@ msgstr ""
"プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2488,7 +2704,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2499,17 +2715,33 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+"<quote>ipa</quote> は IPA サーバーに保存されているマップを読み込みます。IPA "
+"の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "<quote>none</quote> は明示的に autofs を無効にします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr "hostid_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2518,7 +2750,7 @@ msgstr ""
"hostid プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2529,12 +2761,12 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "<quote>none</quote> は明示的に hostid を無効にします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2544,7 +2776,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2553,29 +2785,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr "username"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr "username@domain.name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr "domain\\username"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2586,7 +2818,7 @@ msgstr ""
"everything after that\" に解釈されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2594,7 +2826,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2603,17 +2835,17 @@ msgstr ""
"Python 構文 (?P&lt;name&gt;) のみをサポートします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "初期値: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2622,46 +2854,46 @@ msgstr ""
"します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "サポートする値:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "初期値: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2672,18 +2904,18 @@ msgstr ""
"ドにて操作を継続します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "初期値: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2692,52 +2924,52 @@ msgstr ""
"イン部分を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr "初期値: マシンのホスト名のドメイン部分を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr "override_gid (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr "プライマリー GID の値を指定されたもので上書きします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2745,7 +2977,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2753,41 +2985,87 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
-msgstr "proxy_fast_alias (論理値)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+#, fuzzy
+#| msgid "This option is not available in IPA provider."
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr "%F"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr "サブドメインのフラット (NetBIOS) 名。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2797,37 +3075,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
"値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "初期値: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr "realmd_tags (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "memcache_timeout (int)"
msgid "cached_auth_timeout (int)"
msgstr "memcache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2835,12 +3113,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2848,7 +3126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2859,17 +3137,17 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr "中継するプロキシターゲット PAM です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -2878,12 +3156,12 @@ msgstr ""
"をここに追加する必要があります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2893,8 +3171,22 @@ msgstr ""
"おいて検索する NSS 関数は _nss_$(libName)_$(function) の形式です。たとえば "
"_nss_files_getpwent です。"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -2903,12 +3195,12 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr "ローカルドメインのセクション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2919,27 +3211,27 @@ msgstr ""
"メインに対する設定を含みます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr "SSSD ユーザー空間ツールを用いて作成されたユーザーの初期シェルです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "初期値: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -2948,17 +3240,17 @@ msgstr ""
"ホームディレクトリーとして使用します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "初期値: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -2967,17 +3259,17 @@ msgstr ""
"す。コマンドラインにおいて上書きできます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "初期値: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -2986,12 +3278,12 @@ msgstr ""
"す。コマンドラインにおいて上書きできます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3002,17 +3294,17 @@ msgstr ""
"manvolnum> </citerefentry> により使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "初期値: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -3025,17 +3317,17 @@ msgstr ""
"を含む、スケルトンディレクトリーです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "初期値: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -3046,17 +3338,17 @@ msgstr ""
"が使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "初期値: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -3067,19 +3359,19 @@ msgstr ""
"せん。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "初期値: なし、コマンドを実行しません"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "例"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3133,7 +3425,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -3194,7 +3486,7 @@ msgstr ""
"オプションを参照してください。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "設定オプション"
@@ -3301,8 +3593,8 @@ msgstr ""
"な LDAP 検索フィルターである必要があります。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "例:"
@@ -3599,14 +3891,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr "親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "初期値: modifyTimestamp"
@@ -4048,8 +4340,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "ユーザーの完全名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "初期値: cn"
@@ -4265,11 +4557,30 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_member (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_member (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4280,7 +4591,7 @@ msgstr ""
"のオプションは RFC2307 スキーマにおいて効果がありません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4290,26 +4601,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "初期値: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4317,14 +4629,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4332,7 +4644,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4340,19 +4652,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr "初期値: 偽"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4360,81 +4666,81 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
"IPA プロバイダーにおいては ipa_netgroup_object_class が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr "初期値: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "ネットワークグループ名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "IPA プロバイダーにおいては ipa_netgroup_name が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "ネットワークグループのメンバーの名前を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
"IPA プロバイダーにおいては ipa_netgroup_member が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr "初期値: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -4442,90 +4748,90 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "初期値: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr "LDAP にあるサービスエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr "初期値: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr "サービス属性の名前とそのエイリアスを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "このサービスにより管理されるポートを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr "初期値: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr "このサービスにより認識されるプロトコルを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr "初期値: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4533,7 +4839,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4544,12 +4850,12 @@ msgstr ""
"かもしれません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4557,12 +4863,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4578,12 +4884,12 @@ msgstr ""
"citerefentry> が未使用を返した後のタイムアウト(秒単位)を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4592,12 +4898,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4606,17 +4912,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr "初期値: 900 (15 分)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -4625,17 +4931,17 @@ msgstr ""
"バーは 1 要求あたりの最大数の制限を強制します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr "初期値: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4646,7 +4952,7 @@ msgstr ""
"ことを報告する場合に、このオプションが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -4656,7 +4962,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4667,17 +4973,17 @@ msgstr ""
"があります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr "ldap_disable_range_retrieval (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr "Active Directory の範囲の取得を無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4687,12 +4993,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4700,17 +5006,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4718,13 +5024,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4733,7 +5039,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4741,12 +5047,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -4755,7 +5061,7 @@ msgstr ""
"クするものを指定します。以下の値のうち 1 つを指定できます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -4764,7 +5070,7 @@ msgstr ""
"確認しません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4775,7 +5081,7 @@ msgstr ""
"無視され、セッションが通常通り進められます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4786,7 +5092,7 @@ msgstr ""
"ンが直ちに終了します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4796,22 +5102,22 @@ msgstr ""
"なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "初期値: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -4821,7 +5127,7 @@ msgstr ""
"書を含むファイルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -4830,12 +5136,12 @@ msgstr ""
"filename> にあります"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4848,32 +5154,32 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "クライアントのキーに対する証明書を含むファイルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr "クライアントのキーを含むファイルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4881,12 +5187,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -4895,12 +5201,12 @@ msgstr ""
"用する必要がある id_provider 接続を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4908,18 +5214,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr "ldap_min_id, ldap_max_id (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4930,17 +5236,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -4949,12 +5255,12 @@ msgstr ""
"れます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4963,17 +5269,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr "初期値: host/hostname@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4981,17 +5287,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr "初期値: krb5_realm の値"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -5000,33 +5306,33 @@ msgstr ""
"するために逆引きを実行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "初期値: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "SASL/GSSAPI を使用するときに使用するキーテーブルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -5037,27 +5343,27 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "GSSAPI が使用されている場合、TGT の有効期間を秒単位で指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "初期値: 86400 (24 時間)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5069,7 +5375,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5080,7 +5386,7 @@ msgstr ""
"ば _tcp にフォールバックします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -5091,27 +5397,27 @@ msgstr ""
"quote> を使用するよう設定ファイルを移行することが推奨されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "(SASL/GSSAPI 認証向け) Kerberos レルムを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -5120,12 +5426,12 @@ msgstr ""
"します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr "krb5_use_kdcinfo (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5135,7 +5441,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5146,12 +5452,12 @@ msgstr ""
"manvolnum> </citerefentry> マニュアルページを参照ください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -5160,7 +5466,7 @@ msgstr ""
"す。以下の値が許容されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -5169,7 +5475,7 @@ msgstr ""
"ンはサーバー側のパスワードポリシーを無効にできません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5180,7 +5486,7 @@ msgstr ""
"manvolnum></citerefentry> 形式の属性を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5191,24 +5497,24 @@ msgstr ""
"とき、これらの属性を更新するために chpass_provider=krb5 を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "自動参照追跡が有効化されるかを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -5217,7 +5523,7 @@ msgstr ""
"sssd のみが参照追跡をサポートすることに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5226,28 +5532,28 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"サービス検索が有効にされているときに使用するサービスの名前を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "初期値: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -5256,29 +5562,29 @@ msgstr ""
"を検索するために使用するサービスの名前を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5294,12 +5600,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "例:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5308,14 +5614,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5328,17 +5634,17 @@ msgstr ""
"た同様です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr "初期値: 空白"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5347,7 +5653,7 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5358,12 +5664,12 @@ msgstr ""
"否します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "以下の値が許可されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5372,7 +5678,7 @@ msgstr ""
"ldap_user_shadow_expire の値を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5381,7 +5687,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5392,7 +5698,7 @@ msgstr ""
"ldap_ns_account_lock の値を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5405,7 +5711,7 @@ msgstr ""
"クセスが許可されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5413,23 +5719,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5439,14 +5745,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5459,12 +5765,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5474,7 +5780,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5484,20 +5790,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5506,30 +5812,30 @@ msgstr ""
"authorizedService 属性を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "初期値: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr "値が複数使用されていると設定エラーになることに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5538,22 +5844,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -5562,12 +5868,12 @@ msgstr ""
"ションが許容されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -5576,7 +5882,7 @@ msgstr ""
"決されますが、検索のベースオブジェクトの位置を探すときはされません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -5585,7 +5891,7 @@ msgstr ""
"すときのみ参照解決されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -5594,7 +5900,7 @@ msgstr ""
"きも位置を検索するときも参照解決されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -5603,19 +5909,19 @@ msgstr ""
"して取り扱われます)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5626,7 +5932,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5634,26 +5940,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5673,12 +5979,12 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr "SUDO オプション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5686,52 +5992,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr "LDAP にある sudo ルールエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr "初期値: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "sudo ルール名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr "コマンド名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr "初期値: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -5740,17 +6046,17 @@ msgstr ""
"クグループ)に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr "初期値: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -5759,49 +6065,49 @@ msgstr ""
"る LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr "初期値: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "sudo オプションに対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr "初期値: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr "コマンドを実行するユーザー名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr "初期値: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -5809,34 +6115,34 @@ msgstr ""
"コマンドを実行するグループ名またはグループの GID に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr "初期値: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr "sudo ルールが有効になる開始日時に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr "初期値: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -5845,39 +6151,39 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr "初期値: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "ルールの並び替えインデックスに対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr "初期値: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -5886,17 +6192,17 @@ msgstr ""
"ります"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr "初期値: 21600 (6 時間)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5904,31 +6210,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -5937,15 +6243,15 @@ msgstr ""
"区切り一覧です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -5954,17 +6260,17 @@ msgstr ""
"ならば、このオプションは効果を持ちません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr "初期値: 指定なし"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -5973,7 +6279,7 @@ msgstr ""
"アドレスの空白区切り一覧です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -5981,31 +6287,31 @@ msgstr ""
"このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "ldap_sudo_include_netgroups (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6017,71 +6323,71 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr "AUTOFS オプション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr "LDAP にある automount マップエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr "初期値: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr "LDAP における automount のマップエントリーの名前です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
#, fuzzy
#| msgid ""
#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
@@ -6094,19 +6400,19 @@ msgstr ""
"ントと対応します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: automountMap"
msgid "Default: automount"
msgstr "初期値: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -6115,24 +6421,24 @@ msgstr ""
"ントと対応します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr "初期値: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6141,32 +6447,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "高度なオプション"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -6175,22 +6481,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -6199,7 +6505,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6210,7 +6516,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6223,26 +6529,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6258,13 +6564,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "注記"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6305,11 +6611,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -6320,22 +6627,22 @@ msgstr ""
"て LOG_AUTHPRIV ファシリティでログ記録されます。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr "不明なユーザーのログメッセージを抑制します。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -6344,12 +6651,12 @@ msgstr ""
"るために、入力されたパスワードがスタックに置かれます。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -6360,12 +6667,12 @@ msgstr ""
"い、またはパスワードが適切でなければ、ユーザーがアクセスを拒否されます。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -6374,12 +6681,12 @@ msgstr ""
"クされたパスワードモジュールに設定します。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -6388,7 +6695,7 @@ msgstr ""
"せます。初期値は 0 です。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6400,36 +6707,36 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -6437,7 +6744,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -6446,13 +6753,46 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr "提供されるモジュール形式"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -6461,12 +6801,12 @@ msgstr ""
"<option>password</option> および <option>session</option>) が提供されます。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "ファイル"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -6477,7 +6817,7 @@ msgstr ""
"ば、このメッセージはパスワードをリセットする方法に関する説明があります。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -6489,7 +6829,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6681,7 +7021,7 @@ msgstr ""
"ンの中のグループのみに適用されます。ローカルグループは評価されません。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6862,7 +7202,7 @@ msgstr ""
"使用される完全修飾名を反映しないマシンにおいて設定されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (論理値)"
@@ -6870,14 +7210,14 @@ msgstr "dyndns_update (論理値)"
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6895,12 +7235,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6921,12 +7261,12 @@ msgid "Default: 1200 (seconds)"
msgstr "初期値: 1200 (秒)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6952,7 +7292,7 @@ msgid ""
msgstr "初期値: IPA LDAP 接続の IP アドレスを使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6962,7 +7302,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr "DNS サイトの有効化 - 位置情報に基づいたサービス探索。"
@@ -6979,12 +7319,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6992,12 +7332,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -7016,12 +7356,12 @@ msgid "Default: False (disabled)"
msgstr "初期値: False (無効)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -7030,40 +7370,40 @@ msgstr ""
"どうか。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
#| msgid "dyndns_iface (string)"
msgid "dyndns_server (string)"
msgstr "dyndns_iface (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -7184,7 +7524,7 @@ msgstr ""
"取得された TGT が改ざんされていないかを krb5_keytab の支援で確認します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7273,26 +7613,26 @@ msgstr ""
"ンを使用すると設定エラーになります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -7311,7 +7651,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr "初期値: 5 (秒)"
@@ -7615,13 +7955,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7631,15 +7972,28 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "IPA provider can also be used as an access and chpass provider. As an "
+#| "access provider it uses HBAC (host-based access control) rules. Please "
+#| "refer to freeipa.org for more information about HBAC. No configuration of "
+#| "access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
+"しかし、これらのオプションを設定することは必要ありません、また推奨もされませ"
+"ん。IPA プロバイダーはアクセスプロバイダーおよびパスワード変更プロバイダーと"
+"しても使用できます。アクセスプロバイダーとしては、HBAC (ホストベースアクセス"
+"制御) ルールを使用します。HBAC の詳細は freeipa.org を参照してください。アク"
+"セスプロバイダーが設定されていなければ、クライアント側において必要になりま"
+"す。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -7649,7 +8003,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -7662,7 +8016,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -7670,12 +8024,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr "ad_domain (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -7684,7 +8038,7 @@ msgstr ""
"ければ、設定のドメイン名が使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -7693,25 +8047,30 @@ msgstr ""
"ンの小文字バージョンとして指定されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
+#, fuzzy
+#| msgid ""
+#| "The comma-separated list of hostnames of the AD servers to which SSSD "
+#| "should connect in order of preference. For more information on failover "
+#| "and server redundancy, see the <quote>FAILOVER</quote> section. This is "
+#| "optional if autodiscovery is enabled. For more information on service "
+#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
"SSSD が接続したい AD サーバー(優先順)のホスト名のカンマ区切り一覧です。"
"フェールオーバーおよびサーバー冗長化に関する詳細は <quote>FAILOVER</quote> セ"
@@ -7719,13 +8078,27 @@ msgstr ""
"す。サービス探索の詳細は <quote>SERVICE DISCOVERY</quote> セクションを参照し"
"てください。"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr "ad_hostname (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7735,7 +8108,7 @@ msgstr ""
"全修飾名を反映しないマシンにおいてマシンに設定されるかもしれません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -7744,12 +8117,12 @@ msgstr ""
"されます。キーテーブルが発行されたホスト名と一致する必要があります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr "ad_enable_dns_sites (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7760,12 +8133,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7774,7 +8147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7783,7 +8156,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7792,14 +8165,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7808,7 +8181,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7823,29 +8196,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7854,7 +8227,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7863,12 +8236,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7878,14 +8251,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7898,23 +8271,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7922,22 +8295,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7945,12 +8318,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7958,14 +8331,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7973,7 +8346,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7985,53 +8358,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -8039,7 +8437,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -8047,7 +8445,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -8055,7 +8453,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8067,17 +8465,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -8085,7 +8488,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -8093,7 +8496,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -8101,7 +8504,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8113,22 +8516,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -8136,14 +8539,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -8151,7 +8554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8163,17 +8566,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -8181,14 +8584,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -8196,7 +8599,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8207,19 +8610,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -8227,7 +8630,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8239,34 +8642,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -8274,12 +8682,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -8292,52 +8700,94 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "初期値: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "初期値: 86400 (24 時間)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -8348,12 +8798,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr "初期値: 3600 (秒)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
#, fuzzy
#| msgid "Default: Use the IP address of the AD LDAP connection"
msgid ""
@@ -8362,17 +8812,17 @@ msgid ""
msgstr "初期値: AD の LDAP 接続の IP アドレスを使用します"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "初期値: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -8382,7 +8832,7 @@ msgstr ""
"してください。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8393,7 +8843,7 @@ msgstr ""
"AD プロバイダー固有のオプションのみ示してします。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -8417,7 +8867,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -8429,7 +8879,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -8437,7 +8887,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -8446,6 +8896,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8955,7 +9413,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr "解読しにくくするパスワードが標準入力から読み込まれます。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9029,17 +9487,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -9047,50 +9510,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9098,29 +9597,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -9128,41 +9627,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-#, fuzzy
-#| msgid "print properties of a group"
-msgid "Override attributes of a group."
-msgstr "グループのプロパティーを表示します"
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9170,43 +9702,43 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "SUDO OPTIONS"
msgid "COMMON OPTIONS"
msgstr "SUDO オプション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
#, fuzzy
#| msgid "This option is not available in IPA provider."
msgid "Those options are available with all commands."
msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
@@ -10519,6 +11051,45 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
+#| "replaceable>"
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+#, fuzzy
+#| msgid "Invalidate all cached entries except for sudo rules."
+msgid "Invalidate particular sudo rule."
+msgstr "sudo ルール以外のすべてのキャッシュ項目を無効化します。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--no-remove</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-R</option>,<option>--no-remove</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+"すべてのユーザーレコードを無効にします。このオプションも設定されていると、こ"
+"れが特定のユーザーの無効化を上書きします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -10527,7 +11098,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr "無効化プロセスを特定のドメインのみに制限します。"
@@ -11029,13 +11600,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:41
+#, fuzzy
+#| msgid ""
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use "
+#| "<command>sss_ssh_authorizedkeys</command> for public key user "
+#| "authentication if it is compiled with support for either "
+#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
+#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+#| "manvolnum></citerefentry> options."
msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> は、 <quote>AuthorizedKeysCommand</quote> または "
@@ -11045,7 +11625,7 @@ msgstr ""
"<command>sss_ssh_authorizedkeys</command> を使用するために設定できます。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -11053,7 +11633,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -11063,31 +11643,8 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-"<quote>PubkeyAgent</quote> がサポートされていると、 "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> は <citerefentry> <refentrytitle>sshd</refentrytitle> "
-"<manvolnum>8</manvolnum></citerefentry> 設定に以下のディレクティブを置くこと"
-"により、これを使用するために設定できます: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -11095,12 +11652,12 @@ msgstr ""
"します。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr "終了コード"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -11531,7 +12088,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr "初期値: 200000"
@@ -11592,11 +12149,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -11604,12 +12162,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (文字列)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -11617,22 +12175,22 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (文字列)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr "初期ドメインの名前を指定します。"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (論理値)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -11641,7 +12199,7 @@ msgstr ""
"ために ID マッピングのアルゴリズムの振る舞いを変更します。"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -11650,7 +12208,7 @@ msgstr ""
"ンに単原子的に増加するよう割り当てられます。"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -11664,13 +12222,36 @@ msgstr ""
"<quote>ldap_idmap_default_domain_sid</quote> オプションも使用することが推奨さ"
"れます。"
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_idmap_range_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_idmap_range_size (整数)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -11679,51 +12260,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
@@ -12130,3 +12711,21 @@ msgstr ""
#~ msgid "Default: ou"
#~ msgstr "初期値: ou"
+
+#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+
+#~ msgid ""
+#~ "If <quote>PubkeyAgent</quote> is supported, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> can be configured to use it by using the "
+#~ "following directive for <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
+#~ msgstr ""
+#~ "<quote>PubkeyAgent</quote> がサポートされていると、 "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> は <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> 設定に以下のディレ"
+#~ "クティブを置くことにより、これを使用するために設定できます: <placeholder "
+#~ "type=\"programlisting\" id=\"0\"/>"
diff --git a/src/man/po/lv.po b/src/man/po/lv.po
index 561cc983a..db3e522ed 100644
--- a/src/man/po/lv.po
+++ b/src/man/po/lv.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/"
@@ -20,7 +20,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : "
"2);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -63,7 +63,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -82,11 +82,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "IESPĒJAS"
@@ -217,113 +217,130 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "debug (integer)"
+msgstr "noildze (vesels skaitlis)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "noildze (vesels skaitlis)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Noklusējuma: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "pakalpojumi"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -332,29 +349,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domēni"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -364,19 +381,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -384,12 +401,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -397,58 +414,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -457,7 +474,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -465,69 +482,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -537,7 +554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -547,20 +564,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -570,7 +587,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -579,12 +596,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -595,12 +697,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -609,22 +711,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -634,17 +736,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -652,19 +754,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Noklusējuma: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -674,12 +776,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -687,117 +789,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -805,7 +855,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -815,7 +865,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -824,17 +874,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -842,60 +892,88 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Noklusējuma: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "noildze (vesels skaitlis)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -903,23 +981,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -927,47 +1005,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -975,103 +1053,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Noklusējuma: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1082,72 +1167,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Noklusējuma: 0 (bez ierobežojuma)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1155,59 +1240,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Noklusējuma: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1215,7 +1300,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1224,17 +1309,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1242,119 +1327,185 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1083
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "noildze (vesels skaitlis)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1365,34 +1516,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1400,70 +1551,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "Noklusējuma: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1475,7 +1626,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1486,24 +1637,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1511,12 +1662,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1524,25 +1675,39 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "noildze (vesels skaitlis)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1551,46 +1716,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1602,14 +1767,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1618,39 +1783,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1659,19 +1824,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1682,151 +1847,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1834,24 +1999,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1860,17 +2025,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Noklusējuma: 0 (neierobežots)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1879,33 +2044,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1913,8 +2078,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1923,8 +2088,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1932,19 +2097,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1953,7 +2118,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1961,22 +2126,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1988,7 +2153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1996,19 +2161,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2016,7 +2181,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2024,30 +2189,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2055,19 +2220,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2076,24 +2241,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "Noklusējuma: <quote>atļaut</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2101,7 +2279,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2109,35 +2287,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2145,32 +2323,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2181,12 +2359,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2194,7 +2372,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2202,31 +2380,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2234,7 +2412,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2243,23 +2421,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2267,7 +2445,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2275,24 +2453,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2300,12 +2486,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2315,7 +2501,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2324,29 +2510,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2354,7 +2540,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2362,66 +2548,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Noklusējuma: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "Atbalstītās vērtības:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2429,70 +2615,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Noklusējuma: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2500,7 +2686,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2508,41 +2694,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2552,36 +2782,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "timeout (integer)"
msgid "cached_auth_timeout (int)"
msgstr "noildze (vesels skaitlis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2589,12 +2819,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2602,7 +2832,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2610,49 +2840,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2660,73 +2904,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Noklusējuma: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2734,17 +2978,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Noklusējuma: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2753,17 +2997,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Noklusējuma: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2771,17 +3015,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Noklusējuma: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2789,19 +3033,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "PIEMĒRS"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2831,7 +3075,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2877,7 +3121,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "KONFIGURĒŠANAS IESPĒJAS"
@@ -2977,8 +3221,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3267,14 +3511,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3669,8 +3913,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3874,19 +4118,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3896,26 +4157,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3923,14 +4185,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3938,7 +4200,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3946,19 +4208,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3966,168 +4222,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4135,7 +4391,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4143,12 +4399,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4156,12 +4412,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4172,12 +4428,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4186,12 +4442,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4200,34 +4456,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4235,14 +4491,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4250,17 +4506,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4270,12 +4526,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4283,17 +4539,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4301,13 +4557,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4316,7 +4572,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4324,26 +4580,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4351,7 +4607,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4359,7 +4615,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4367,41 +4623,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4410,32 +4666,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4443,24 +4699,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4468,17 +4724,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4489,29 +4745,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4520,17 +4776,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4538,49 +4794,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4588,27 +4844,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Noklusējuma: 86400 (24 stundas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4620,7 +4876,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4628,7 +4884,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4636,39 +4892,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4678,7 +4934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4686,26 +4942,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4713,7 +4969,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4721,31 +4977,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4754,56 +5010,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "Noklusējuma: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4819,12 +5075,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "Piemērs:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4833,14 +5089,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4849,24 +5105,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4874,19 +5130,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "Atļautas šādas vērtības:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4895,7 +5151,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4903,7 +5159,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4912,7 +5168,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4920,22 +5176,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4945,14 +5201,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4965,12 +5221,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4980,7 +5236,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4990,49 +5246,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Noklusējuma: filtrēt"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5041,74 +5297,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5119,7 +5375,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5127,26 +5383,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "noildze (vesels skaitlis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5161,12 +5417,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5174,208 +5430,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5383,101 +5639,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5486,110 +5742,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: posixAccount"
msgid "Default: automount"
msgstr "Noklusējuma: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5598,32 +5854,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "PAPLAŠINĀTĀS IESPĒJAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5632,22 +5888,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5656,7 +5912,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5664,7 +5920,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5677,26 +5933,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5712,13 +5968,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "PIEZĪMES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5753,11 +6009,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5765,34 +6022,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5800,31 +6057,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5832,36 +6089,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5869,7 +6126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5878,25 +6135,58 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5904,7 +6194,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5916,7 +6206,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6075,7 +6365,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6223,7 +6513,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6231,14 +6521,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6253,12 +6543,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6279,12 +6569,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6308,7 +6598,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6318,7 +6608,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6335,12 +6625,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6348,12 +6638,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6372,50 +6662,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6525,7 +6815,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6599,26 +6889,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6637,7 +6927,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6935,13 +7225,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6951,15 +7242,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6967,7 +7258,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6980,7 +7271,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6988,53 +7279,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7042,19 +7345,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7065,12 +7368,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7079,7 +7382,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7088,7 +7391,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7097,14 +7400,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7113,7 +7416,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7128,29 +7431,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7159,7 +7462,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7168,12 +7471,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7183,14 +7486,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7203,23 +7506,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7227,22 +7530,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7250,12 +7553,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7263,14 +7566,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7278,7 +7581,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7290,53 +7593,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7344,7 +7672,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7352,7 +7680,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7360,7 +7688,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7372,17 +7700,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7390,7 +7723,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7398,7 +7731,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7406,7 +7739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7418,22 +7751,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7441,14 +7774,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7456,7 +7789,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7468,17 +7801,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7486,14 +7819,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7501,7 +7834,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7512,19 +7845,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7532,7 +7865,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7544,34 +7877,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7579,12 +7917,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7597,52 +7935,94 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Noklusējuma: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Noklusējuma: 86400 (24 stundas)"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7653,36 +8033,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7690,7 +8070,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7705,7 +8085,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7714,7 +8094,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7722,7 +8102,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7731,6 +8111,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8189,7 +8577,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8250,17 +8638,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8268,50 +8661,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8319,29 +8742,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8349,39 +8772,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8389,41 +8841,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "CONFIGURATION OPTIONS"
msgid "COMMON OPTIONS"
msgstr "KONFIGURĒŠANAS IESPĒJAS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
@@ -9565,12 +10017,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10050,13 +10526,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10064,7 +10540,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10074,36 +10550,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10490,7 +10949,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10547,11 +11006,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10559,12 +11019,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10572,36 +11032,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10610,13 +11070,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10625,51 +11106,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/nl.po b/src/man/po/nl.po
index 05d32b43c..1c7fcf441 100644
--- a/src/man/po/nl.po
+++ b/src/man/po/nl.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,7 +18,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -64,7 +64,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -85,11 +85,11 @@ msgstr ""
"die via de opdrachtregel ingegeven zijn."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPTIES"
@@ -240,95 +240,112 @@ msgstr "debug_level (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Standaard: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "SPECIALE SECTIES"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "De [sssd] sectie"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Sectie parameters"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -337,19 +354,19 @@ msgstr ""
"gebruiken versie 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "diensten"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
"Kommagescheiden lijst van diensten die gestart worden als sssd zelf start."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -358,12 +375,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -372,17 +389,17 @@ msgstr ""
"Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Standaard: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domeinen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -392,19 +409,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (tekst)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -412,12 +429,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (tekst)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -425,58 +442,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -489,7 +506,7 @@ msgstr ""
"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -500,7 +517,7 @@ msgstr ""
"gezet worden"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -509,7 +526,7 @@ msgstr ""
"systemen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -519,12 +536,12 @@ msgstr ""
"conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -533,43 +550,43 @@ msgstr ""
"opslaan."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -579,7 +596,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -589,20 +606,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -612,7 +629,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -621,12 +638,99 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "certificate_verification (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -637,12 +741,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "SERVICES SECTIE"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -651,22 +755,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "Algemene service configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "Deze opties kunnen gebruikt worden om services te configureren."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -676,17 +780,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -694,19 +798,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -716,12 +820,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -729,89 +833,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr "NSS configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -819,12 +871,12 @@ msgstr ""
"configurere."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -833,17 +885,17 @@ msgstr ""
"over alle gebruikers)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Standaard: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -851,7 +903,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -861,7 +913,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -870,17 +922,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -888,60 +940,88 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "entry_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "entry_negative_timeout (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Standaard: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+msgid ""
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:652
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -949,23 +1029,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -973,47 +1053,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1021,103 +1101,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1128,72 +1215,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1201,59 +1288,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1261,7 +1348,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1270,17 +1357,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1288,119 +1375,187 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Standaard: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "full_name_format (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "full_name_format (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "enum_cache_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1411,34 +1566,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1446,68 +1601,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1519,7 +1674,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1530,24 +1685,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1555,12 +1710,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1568,25 +1723,39 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "enum_cache_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "enum_cache_timeout (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1595,46 +1764,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1646,14 +1815,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1662,39 +1831,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1703,19 +1872,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1726,151 +1895,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1878,24 +2047,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1904,17 +2073,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1923,33 +2092,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1957,8 +2126,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1967,8 +2136,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1976,19 +2145,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1997,7 +2166,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2005,22 +2174,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2032,7 +2201,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2040,19 +2209,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2060,7 +2229,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2068,30 +2237,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2099,19 +2268,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2120,24 +2289,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2145,7 +2327,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2153,35 +2335,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2189,32 +2371,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2225,12 +2407,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2238,7 +2420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2246,31 +2428,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2278,7 +2460,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2287,23 +2469,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2311,7 +2493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2319,24 +2501,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2344,12 +2534,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2359,7 +2549,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2368,29 +2558,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2401,7 +2591,7 @@ msgstr ""
"het domein alles daarna\""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2409,7 +2599,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2418,59 +2608,59 @@ msgstr ""
"(?P&lt;name&gt;) om subpatronen aan te geven."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Standaard: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2478,70 +2668,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2549,7 +2739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2557,41 +2747,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2601,36 +2835,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "enum_cache_timeout (integer)"
msgid "cached_auth_timeout (int)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2638,12 +2872,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2651,7 +2885,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2659,49 +2893,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2709,73 +2957,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2783,17 +3031,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2802,17 +3050,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2820,17 +3068,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2838,19 +3086,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2880,7 +3128,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2926,7 +3174,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -3026,8 +3274,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3316,14 +3564,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3718,8 +3966,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3923,19 +4171,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3945,26 +4210,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3972,14 +4238,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3987,7 +4253,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3995,19 +4261,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4015,168 +4275,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4184,7 +4444,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4192,12 +4452,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4205,12 +4465,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4221,12 +4481,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4235,12 +4495,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4249,34 +4509,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4284,14 +4544,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4299,17 +4559,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4319,12 +4579,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4332,17 +4592,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4350,13 +4610,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4365,7 +4625,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4373,26 +4633,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4400,7 +4660,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4408,7 +4668,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4416,41 +4676,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4459,32 +4719,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4492,24 +4752,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4517,17 +4777,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4538,29 +4798,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4569,17 +4829,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4587,49 +4847,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4637,27 +4897,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4669,7 +4929,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4677,7 +4937,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4685,39 +4945,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4727,7 +4987,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4735,26 +4995,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4762,7 +5022,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4770,31 +5030,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4803,56 +5063,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4868,12 +5128,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4882,14 +5142,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4898,24 +5158,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4923,19 +5183,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4944,7 +5204,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4952,7 +5212,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4961,7 +5221,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4969,22 +5229,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4994,14 +5254,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5014,12 +5274,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5029,7 +5289,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5039,49 +5299,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5090,74 +5350,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5168,7 +5428,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5176,26 +5436,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "enum_cache_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5210,12 +5470,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5223,208 +5483,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5432,101 +5692,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5535,110 +5795,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: true"
msgid "Default: automount"
msgstr "Standaard: true"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5647,32 +5907,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5681,22 +5941,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5705,7 +5965,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5713,7 +5973,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5726,26 +5986,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5761,13 +6021,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5802,11 +6062,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5814,34 +6075,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5849,31 +6110,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5881,36 +6142,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5918,7 +6179,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5927,25 +6188,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5953,7 +6245,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5965,7 +6257,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6124,7 +6416,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6272,7 +6564,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6280,14 +6572,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6302,12 +6594,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6328,12 +6620,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6357,7 +6649,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6367,7 +6659,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6384,12 +6676,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6397,12 +6689,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6421,50 +6713,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6574,7 +6866,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6648,26 +6940,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6686,7 +6978,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6984,13 +7276,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7000,15 +7293,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -7016,7 +7309,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -7029,7 +7322,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -7037,53 +7330,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7091,19 +7396,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7114,12 +7419,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7128,7 +7433,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7137,7 +7442,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7146,14 +7451,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7162,7 +7467,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7177,29 +7482,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7208,7 +7513,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7217,12 +7522,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7232,14 +7537,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7252,23 +7557,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7276,22 +7581,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7299,12 +7604,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7312,14 +7617,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7327,7 +7632,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7339,53 +7644,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7393,7 +7723,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7401,7 +7731,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7409,7 +7739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7421,17 +7751,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7439,7 +7774,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7447,7 +7782,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7455,7 +7790,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7467,22 +7802,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7490,14 +7825,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7505,7 +7840,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7517,17 +7852,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7535,14 +7870,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7550,7 +7885,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7561,19 +7896,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7581,7 +7916,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7593,34 +7928,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7628,12 +7968,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7646,52 +7986,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 30 days"
+msgstr "Standaard: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7702,36 +8082,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7739,7 +8119,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7754,7 +8134,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7763,7 +8143,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7771,7 +8151,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7780,6 +8160,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8238,7 +8626,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8305,17 +8693,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8323,50 +8716,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8374,29 +8797,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8404,39 +8827,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8444,41 +8896,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "OPTIONS"
msgid "COMMON OPTIONS"
msgstr "OPTIES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid ""
#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
@@ -9625,13 +10077,49 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
+"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid ""
+#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10111,13 +10599,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10125,7 +10613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10135,36 +10623,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10551,7 +11022,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10608,11 +11079,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10620,12 +11092,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10633,36 +11105,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10671,13 +11143,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10686,51 +11179,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/po4a.cfg b/src/man/po/po4a.cfg
index 67e87ba70..6dbf11906 100644
--- a/src/man/po/po4a.cfg
+++ b/src/man/po/po4a.cfg
@@ -1,4 +1,4 @@
-[po4a_langs] br ca cs de eu es fr ja lv nl pt ru tg uk zh_CN
+[po4a_langs] br ca cs de eu es fr ja lv nl pt pt_BR ru tg uk zh_CN
[po4a_paths] po/sssd-docs.pot $lang:po/$lang.po
[type:docbook] sss_groupmod.8.xml $lang:$(builddir)/$lang/sss_groupmod.8.xml
[type:docbook] sssd.conf.5.xml $lang:$(builddir)/$lang/sssd.conf.5.xml
diff --git a/src/man/po/pt.po b/src/man/po/pt.po
index bf0d7f11a..9722f7c8f 100644
--- a/src/man/po/pt.po
+++ b/src/man/po/pt.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,7 +18,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -64,7 +64,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -85,11 +85,11 @@ msgstr ""
"que são especificadas na linha de comando."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "Opções"
@@ -235,95 +235,112 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "debug (integer)"
+msgstr "timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Padrão: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Padrão: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "SECÇÕES ESPECIAIS"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "A seção [SSSD]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Parâmetros de secção"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -332,12 +349,12 @@ msgstr ""
"versão 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "serviços"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -345,7 +362,7 @@ msgstr ""
"separados por vírgulas."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -354,12 +371,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -368,17 +385,17 @@ msgstr ""
"falha do provedor de dados ou reiniciar antes de eles desistirem"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Padrão: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domínios"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -388,19 +405,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -408,12 +425,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -421,58 +438,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (boolean)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -481,7 +498,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -489,69 +506,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -561,7 +578,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -571,20 +588,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -594,7 +611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -603,12 +620,99 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "certificate_verification (string)"
+msgstr "re_expression (string)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -619,12 +723,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -633,22 +737,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -658,17 +762,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -676,19 +780,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Padrão: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -698,12 +802,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -711,117 +815,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "Padrão: none"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -829,7 +881,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -839,7 +891,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -848,17 +900,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "Padrão: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -866,60 +918,88 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "ldap_network_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "ldap_network_timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -927,23 +1007,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -951,47 +1031,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr "allowed_shells (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -999,103 +1079,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr "shell_fallback (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "Padrão: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Padrão: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1106,72 +1193,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1179,59 +1266,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Padrão: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1239,7 +1326,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1248,17 +1335,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1266,119 +1353,189 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "Padrão: none"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerate (bool)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "ipa_hbac_search_base (string)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "pam_id_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1389,34 +1546,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1424,72 +1581,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "Padrão: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1501,7 +1658,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1512,24 +1669,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1537,12 +1694,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1550,25 +1707,39 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "SECÇÕES DE DOMÍNIO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1577,46 +1748,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerate (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Padrão: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1628,14 +1799,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1644,39 +1815,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1685,19 +1856,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1708,151 +1879,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Padrão: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr "cache_credentials (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1860,24 +2031,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1886,17 +2057,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Padrão: 0 (ilimitado)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1905,33 +2076,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1939,8 +2110,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1949,8 +2120,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1958,19 +2129,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1979,7 +2150,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1987,22 +2158,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2014,7 +2185,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2022,19 +2193,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2042,7 +2213,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2050,30 +2221,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2081,19 +2252,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2102,24 +2273,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2127,7 +2311,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2135,35 +2319,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2171,32 +2355,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2207,12 +2391,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2220,7 +2404,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2228,31 +2412,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2260,7 +2444,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2269,23 +2453,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2293,7 +2477,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2301,24 +2485,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2326,12 +2518,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2341,7 +2533,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2350,29 +2542,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2380,7 +2572,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2388,66 +2580,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Default: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "Default: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2455,70 +2647,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Padrão: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr "override_gid (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2526,7 +2718,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2534,41 +2726,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2578,36 +2814,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "krb5_auth_timeout (integer)"
msgid "cached_auth_timeout (int)"
msgstr "krb5_auth_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2615,12 +2851,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2628,7 +2864,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2636,49 +2872,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr "A secção de domínio local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2686,73 +2936,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Padrão: <filename>bash/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "Padrão: <filename>/ home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Padrão: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2760,17 +3010,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Padrão: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2779,17 +3029,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Padrão: <filename>skel/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2797,17 +3047,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Padrão: <filename>mail/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2815,19 +3065,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "Padrão: None, nenhum comando é executado"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "EXEMPLO"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2881,7 +3131,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2927,7 +3177,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "OPÇÕES DE CONFIGURAÇÃO"
@@ -3027,8 +3277,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "Exemplos:"
@@ -3321,14 +3571,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "Padrão: modifyTimestamp"
@@ -3723,8 +3973,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "Padrão: NC"
@@ -3928,11 +4178,30 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_search_base (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_search_base (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3940,7 +4209,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3950,26 +4219,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3977,14 +4247,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3992,7 +4262,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4000,19 +4270,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4020,168 +4284,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "Padrão: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4189,7 +4453,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4197,12 +4461,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4210,12 +4474,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4226,12 +4490,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4240,12 +4504,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4254,34 +4518,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr "Padrão: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4289,14 +4553,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4304,17 +4568,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4324,12 +4588,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4337,17 +4601,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4355,13 +4619,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4370,7 +4634,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4378,19 +4642,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -4399,7 +4663,7 @@ msgstr ""
"qualquer certificado de servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4407,7 +4671,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4415,7 +4679,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4423,41 +4687,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "Padrão: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4466,32 +4730,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4499,24 +4763,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4524,17 +4788,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4545,29 +4809,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4576,17 +4840,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4594,50 +4858,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "Padrão: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4645,27 +4909,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Padrão: 86400 (24 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4677,7 +4941,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4685,7 +4949,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4693,39 +4957,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4735,7 +4999,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4743,26 +5007,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4770,7 +5034,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4778,31 +5042,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4811,56 +5075,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4876,12 +5140,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4890,14 +5154,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4906,24 +5170,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4931,19 +5195,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4952,7 +5216,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4960,7 +5224,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4969,7 +5233,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4977,22 +5241,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5002,14 +5266,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5022,12 +5286,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5037,7 +5301,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5047,49 +5311,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Padrão: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5098,74 +5362,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5176,7 +5440,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5184,26 +5448,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5218,12 +5482,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5231,208 +5495,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5440,101 +5704,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5543,110 +5807,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: none"
msgid "Default: automount"
msgstr "Padrão: none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5655,32 +5919,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "OPÇÕES AVANÇADAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5689,22 +5953,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5713,7 +5977,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5721,7 +5985,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5734,26 +5998,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5769,13 +6033,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTAS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5810,11 +6074,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5822,34 +6087,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5857,31 +6122,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5889,36 +6154,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5926,7 +6191,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5935,25 +6200,58 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr "MÓDULOS TIPO FORNECIDOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "FICHEIROS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5961,7 +6259,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5973,7 +6271,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6132,7 +6430,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6280,7 +6578,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6288,14 +6586,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6310,12 +6608,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6336,12 +6634,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6365,7 +6663,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6375,7 +6673,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6392,12 +6690,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6405,12 +6703,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6429,52 +6727,52 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
#| msgid "id_provider (string)"
msgid "dyndns_server (string)"
msgstr "id_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6584,7 +6882,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6658,26 +6956,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6696,7 +6994,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6994,13 +7292,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7010,15 +7309,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -7026,7 +7325,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -7039,7 +7338,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -7047,53 +7346,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7101,19 +7412,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7124,12 +7435,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7138,7 +7449,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7147,7 +7458,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7156,14 +7467,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7172,7 +7483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7187,29 +7498,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7218,7 +7529,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7227,12 +7538,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7242,14 +7553,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7262,23 +7573,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7286,22 +7597,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7309,12 +7620,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7322,14 +7633,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7337,7 +7648,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7349,53 +7660,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7403,7 +7739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7411,7 +7747,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7419,7 +7755,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7431,17 +7767,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7449,7 +7790,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7457,7 +7798,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7465,7 +7806,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7477,22 +7818,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7500,14 +7841,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7515,7 +7856,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7527,17 +7868,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7545,14 +7886,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7560,7 +7901,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7571,19 +7912,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7591,7 +7932,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7603,34 +7944,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7638,12 +7984,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7656,52 +8002,94 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Padrão: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Padrão: 86400 (24 horas)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7712,36 +8100,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Padrão: TRUE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7749,7 +8137,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7764,7 +8152,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7773,7 +8161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7781,7 +8169,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7790,6 +8178,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8255,7 +8651,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8327,17 +8723,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8345,50 +8746,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8396,29 +8833,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8426,39 +8863,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8466,41 +8938,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "CONFIGURATION OPTIONS"
msgid "COMMON OPTIONS"
msgstr "OPÇÕES DE CONFIGURAÇÃO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
@@ -9653,13 +10125,44 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-f</option>,<option>--file</option> <replaceable>FILE</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
+"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--recursive</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-R</option>,<option>--recursive</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10139,13 +10642,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10153,7 +10656,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10163,36 +10666,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10579,7 +11065,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10636,11 +11122,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10648,12 +11135,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10661,36 +11148,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10699,13 +11186,36 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_page_size (integer)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10714,51 +11224,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po
new file mode 100644
index 000000000..631a5be90
--- /dev/null
+++ b/src/man/po/pt_BR.po
@@ -0,0 +1,11506 @@
+# Marco Aurélio Krause <ouesten@me.com>, 2015. #zanata
+msgid ""
+msgstr ""
+"Project-Id-Version: sssd-docs 1.12.90\n"
+"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
+"PO-Revision-Date: 2015-10-27 08:16-0400\n"
+"Last-Translator: Marco Aurélio Krause <ouesten@me.com>\n"
+"Language-Team: Portuguese (Brazil)\n"
+"Language: pt-BR\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Zanata 3.8.4\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+
+#. type: Content of: <reference><title>
+#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
+#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
+#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5
+#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
+#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5
+#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
+#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_ssh_knownhostsproxy.1.xml:5
+msgid "SSSD Manual pages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
+msgid "sss_groupmod"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
+#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11
+#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11
+#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11
+msgid "8"
+msgstr "8"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupmod.8.xml:16
+msgid "modify a group"
+msgstr "Modificar um grupo"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupmod.8.xml:21
+msgid ""
+"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
+#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
+#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
+#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
+#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30
+#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29
+#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21
+#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31
+msgid "DESCRIPTION"
+msgstr "DESCRIÇÃO"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupmod.8.xml:32
+msgid ""
+"<command>sss_groupmod</command> modifies the group to reflect the changes "
+"that are specified on the command line."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
+#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+msgid "OPTIONS"
+msgstr "OPÇÕES"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
+msgid ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupmod.8.xml:48
+msgid ""
+"Append this group to groups specified by the <replaceable>GROUPS</"
+"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
+"a comma separated list of group names."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
+msgid ""
+"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupmod.8.xml:62
+msgid ""
+"Remove this group from groups specified by the <replaceable>GROUPS</"
+"replaceable> parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
+msgid "sssd.conf"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
+#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
+msgid "5"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
+#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
+#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
+msgid "File Formats and Conventions"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.conf.5.xml:17
+msgid "the configuration file for SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:21
+msgid "FILE FORMAT"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:29
+#, no-wrap
+msgid ""
+"<replaceable>[section]</replaceable>\n"
+"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
+"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:24
+msgid ""
+"The file has an ini-style syntax and consists of sections and parameters. A "
+"section begins with the name of the section in square brackets and continues "
+"until the next section begins. An example of section with single and multi-"
+"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:36
+msgid ""
+"The data types used are string (no quotes needed), integer and bool (with "
+"values of <quote>TRUE/FALSE</quote>)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:41
+msgid ""
+"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"(<quote>;</quote>). Inline comments are not supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:47
+msgid ""
+"All sections can have an optional <replaceable>description</replaceable> "
+"parameter. Its function is only as a label for the section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:53
+msgid ""
+"<filename>sssd.conf</filename> must be a regular file, owned by root and "
+"only root may read from or write to the file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:59
+msgid "GENERAL OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
+"Add a timestamp to the debug messages. If journald is enabled for SSSD "
+"debug logging this option is ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
+msgid "Default: true"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:99
+msgid "debug_microseconds (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:102
+msgid ""
+"Add microseconds to the timestamp in debug messages. If journald is enabled "
+"for SSSD debug logging this option is ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
+#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
+msgid "Default: false"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:116
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:120
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:123
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
+msgid "Default: 10"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:138
+msgid "SPECIAL SECTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:141
+msgid "The [sssd] section"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
+msgid "Section parameters"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:152
+msgid "config_file_version (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:155
+msgid ""
+"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
+"version 2."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:161
+msgid "services"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:164
+msgid ""
+"Comma separated list of services that are started when sssd itself starts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:168
+msgid ""
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
+msgid "reconnection_retries (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
+msgid ""
+"Number of times services should attempt to reconnect in the event of a Data "
+"Provider crash or restart before they give up"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
+msgid "Default: 3"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:191
+msgid "domains"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:194
+msgid ""
+"A domain is a database containing user information. SSSD can use more "
+"domains at the same time, but at least one must be configured or SSSD won't "
+"start. This parameter described the list of domains in the order you want "
+"them to be queried. A domain name should only consist of alphanumeric ASCII "
+"characters, dashes, dots and underscores."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
+msgid "re_expression (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:209
+msgid ""
+"Default regular expression that describes how to parse the string containing "
+"user name and domain into these components."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:214
+msgid ""
+"Each domain can have an individual regular expression configured. For some "
+"ID providers there are also default regular expressions. See DOMAIN "
+"SECTIONS for more info on these regular expressions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
+msgid "full_name_format (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
+msgid ""
+"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry>-compatible format that describes how to compose a "
+"fully qualified name from user name and domain name components."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
+msgid "%1$s"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
+msgid "user name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
+msgid "%2$s"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
+msgid "domain name as specified in the SSSD config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
+msgid "%3$s"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
+msgid ""
+"domain flat name. Mostly usable for Active Directory domains, both directly "
+"configured or discovered via IPA trusts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
+msgid ""
+"The following expansions are supported: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:263
+msgid ""
+"Each domain can have an individual format string configured. see DOMAIN "
+"SECTIONS for more info on this option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:269
+msgid "try_inotify (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:272
+msgid ""
+"SSSD monitors the state of resolv.conf to identify when it needs to update "
+"its internal DNS resolver. By default, we will attempt to use inotify for "
+"this, and will fall back to polling resolv.conf every five seconds if "
+"inotify cannot be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:280
+msgid ""
+"There are some limited situations where it is preferred that we should skip "
+"even trying to use inotify. In these rare cases, this option should be set "
+"to 'false'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:286
+msgid ""
+"Default: true on platforms where inotify is supported. False on other "
+"platforms."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:290
+msgid ""
+"Note: this option will have no effect on platforms where inotify is "
+"unavailable. On these platforms, polling will always be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:297
+msgid "krb5_rcache_dir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:300
+msgid ""
+"Directory on the filesystem where SSSD should store Kerberos replay cache "
+"files."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:304
+msgid ""
+"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
+"SSSD to let libkrb5 decide the appropriate location for the replay cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:310
+msgid ""
+"Default: Distribution-specific and specified at build-time. "
+"(__LIBKRB5_DEFAULTS__ if not configured)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:317
+msgid "user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:320
+msgid ""
+"The user to drop the privileges to where appropriate to avoid running as the "
+"root user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:325
+msgid "Default: not set, process will run as root"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:330
+msgid "default_domain_suffix (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:333
+msgid ""
+"This string will be used as a default domain name for all names without a "
+"domain name component. The main use case is environments where the primary "
+"domain is intended for managing host policies and all users are located in a "
+"trusted domain. The option allows those users to log in just with their "
+"user name without giving a domain name as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:343
+msgid ""
+"Please note that if this option is set all users from the primary domain "
+"have to use their fully qualified name, e.g. user@domain.name, to log in. "
+"Setting this option changes default of use_fully_qualified_names to True. It "
+"is not allowed to use this option together with use_fully_qualified_names "
+"set to False."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
+msgid "Default: not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:357
+msgid "override_space (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:360
+msgid ""
+"This parameter will replace spaces (space bar) with the given character for "
+"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
+"&quot;john_doe&quot; This feature was added to help compatibility with shell "
+"scripts that have difficulty handling spaces, due to the default field "
+"separator in the shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:369
+msgid ""
+"Please note it is a configuration error to use a replacement character that "
+"might be used in user or group names. If a name contains the replacement "
+"character SSSD tries to return the unmodified name but in general the result "
+"of a lookup is undefined."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:377
+msgid "Default: not set (spaces will not be replaced)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:143
+msgid ""
+"Individual pieces of SSSD functionality are provided by special SSSD "
+"services that are started and stopped together with SSSD. The services are "
+"managed by a special service frequently called <quote>monitor</quote>. The "
+"<quote>[sssd]</quote> section is used to configure the monitor as well as "
+"some other important options like the identity domains. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:453
+msgid "SERVICES SECTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:455
+msgid ""
+"Settings that can be used to configure different services are described in "
+"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
+"section, for example, for NSS service, the section would be <quote>[nss]</"
+"quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:462
+msgid "General service configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:464
+msgid "These options can be used to configure any service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:481
+msgid "fd_limit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:484
+msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:493
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:498
+msgid "client_idle_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:501
+msgid ""
+"This option specifies the number of seconds that a client of an SSSD process "
+"can hold onto a file descriptor without communicating on it. This value is "
+"limited in order to avoid resource exhaustion on the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
+msgid "Default: 60"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
+msgid "force_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:529
+msgid "offline_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:532
+msgid ""
+"When SSSD switches to offline mode the amount of time before it tries to go "
+"back online will increase based upon the time spent disconnected. This "
+"value is in seconds and calculated by the following:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:539
+msgid "offline_timeout + random_offset"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:542
+msgid ""
+"The random offset can increment up to 30 seconds. After each unsuccessful "
+"attempt to go online, the new interval is recalculated by the following:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:547
+msgid "new_interval = old_interval*2 + random_offset"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:550
+msgid ""
+"Note that the maximum length of each interval is currently limited to one "
+"hour. If the calculated length of new_interval is greater than an hour, it "
+"will be forced to one hour."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:564
+msgid "NSS configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:566
+msgid ""
+"These options can be used to configure the Name Service Switch (NSS) service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:571
+msgid "enum_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:574
+msgid ""
+"How many seconds should nss_sss cache enumerations (requests for info about "
+"all users)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:578
+msgid "Default: 120"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:583
+msgid "entry_cache_nowait_percentage (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:586
+msgid ""
+"The entry cache can be set to automatically update entries in the background "
+"if they are requested beyond a percentage of the entry_cache_timeout value "
+"for the domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:592
+msgid ""
+"For example, if the domain's entry_cache_timeout is set to 30s and "
+"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
+"after 15 seconds past the last cache update will be returned immediately, "
+"but the SSSD will go and update the cache on its own, so that future "
+"requests will not need to block waiting for a cache update."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:602
+msgid ""
+"Valid values for this option are 0-99 and represent a percentage of the "
+"entry_cache_timeout for each domain. For performance reasons, this "
+"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
+"disables this feature)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:610
+msgid "Default: 50"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:615
+msgid "entry_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:618
+msgid ""
+"Specifies for how many seconds nss_sss should cache negative cache hits "
+"(that is, queries for invalid database entries, like nonexistent ones) "
+"before asking the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
+msgid "Default: 15"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
+msgid "filter_users, filter_groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:645
+msgid ""
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
+msgid "Default: root"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:665
+msgid "filter_users_in_groups (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668
+msgid ""
+"If you want filtered user still be group members set this option to false."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:679
+msgid "fallback_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:682
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:687
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:693
+#, no-wrap
+msgid ""
+"fallback_homedir = /home/%u\n"
+" "
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
+msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:697
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:703
+msgid "override_shell (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:706
+msgid ""
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:712
+msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:718
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:721
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:724
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:728
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:733
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:738
+msgid "The wildcard (*) can be used to allow any shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:741
+msgid ""
+"The (*) is useful if you want to use shell_fallback in case that user's "
+"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
+"allowed shells in allowed_shells would be to much overhead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:748
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:751
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:755
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:760
+msgid "vetoed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:763
+msgid "Replace any instance of these shells with the shell_fallback"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:768
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:771
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:775
+msgid "Default: /bin/sh"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:780
+msgid "default_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:783
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option can be specified globally in the [nss] section or per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
+msgid "get_domains_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:808
+msgid "memcache_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:811
+msgid ""
+"Specifies time in seconds for which records in the in-memory cache will be "
+"valid."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
+msgid "Default: 300"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
+msgid "user_attributes (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:829
+msgid ""
+"Some of the additional NSS responder requests can return more attributes "
+"than just the POSIX ones defined by the NSS interface. The list of "
+"attributes is controlled by this option. It is handled the same way as the "
+"<quote>user_attributes</quote> option of the InfoPipe responder (see "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for details) but with no default values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:842
+msgid ""
+"To make configuration more easy the NSS responder will check the InfoPipe "
+"option if it is not set for the NSS responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:847
+msgid "Default: not set, fallback to InfoPipe option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:854
+msgid "PAM configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:856
+msgid ""
+"These options can be used to configure the Pluggable Authentication Module "
+"(PAM) service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:861
+msgid "offline_credentials_expiration (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:864
+msgid ""
+"If the authentication provider is offline, how long should we allow cached "
+"logins (in days since the last successful online login)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
+msgid "Default: 0 (No limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:875
+msgid "offline_failed_login_attempts (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:878
+msgid ""
+"If the authentication provider is offline, how many failed login attempts "
+"are allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:888
+msgid "offline_failed_login_delay (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:891
+msgid ""
+"The time in minutes which has to pass after offline_failed_login_attempts "
+"has been reached before a new login attempt is possible."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid ""
+"If set to 0 the user cannot authenticate offline if "
+"offline_failed_login_attempts has been reached. Only a successful online "
+"authentication can enable offline authentication again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
+msgid "Default: 5"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908
+msgid "pam_verbosity (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:911
+msgid ""
+"Controls what kind of messages are shown to the user during authentication. "
+"The higher the number to more messages are displayed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:916
+msgid "Currently sssd supports the following values:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:919
+msgid "<emphasis>0</emphasis>: do not show any message"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:922
+msgid "<emphasis>1</emphasis>: show only important messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:926
+msgid "<emphasis>2</emphasis>: show informational messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:929
+msgid "<emphasis>3</emphasis>: show all messages and debug information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:933 sssd.8.xml:63
+msgid "Default: 1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:938
+msgid "pam_id_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:941
+msgid ""
+"For any PAM request while SSSD is online, the SSSD will attempt to "
+"immediately update the cached identity information for the user in order to "
+"ensure that authentication takes place with the latest information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:947
+msgid ""
+"A complete PAM conversation may perform multiple PAM requests, such as "
+"account management and session opening. This option controls (on a per-"
+"client-application basis) how long (in seconds) we can cache the identity "
+"information to avoid excessive round-trips to the identity provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:961
+msgid "pam_pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
+msgid "Display a warning N days before the password expires."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:967
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:978
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1000
+msgid "pam_trusted_users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1003
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1017
+msgid ""
+"Please note that UID 0 is always allowed to access the PAM responder even in "
+"case it is not in the pam_trusted_users list."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1024
+msgid "pam_public_domains (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1027
+msgid ""
+"Specifies the comma-separated list of domain names that are accessible even "
+"to untrusted users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1031
+msgid "Two special values for pam_public_domains option are defined:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1035
+msgid ""
+"all (Untrusted users are allowed to access all domains in PAM responder.)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1039
+msgid ""
+"none (Untrusted users are not allowed to access any domains PAM in "
+"responder.)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1048
+msgid "pam_account_expired_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
+msgid "p11_child_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1121
+msgid "How many seconds will pam_sss wait for p11_child to finish."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1134
+msgid "SUDO configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1136
+msgid ""
+"These options can be used to configure the sudo service. The detailed "
+"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
+"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1153
+msgid "sudo_timed (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1156
+msgid ""
+"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
+"that implement time-dependent sudoers entries."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1169
+msgid "AUTOFS configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1171
+msgid "These options can be used to configure the autofs service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1175
+msgid "autofs_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1178
+msgid ""
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
+"before asking the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1194
+msgid "SSH configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1196
+msgid "These options can be used to configure the SSH service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1200
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1203
+msgid ""
+"Whether or not to hash host names and addresses in the managed known_hosts "
+"file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1212
+msgid "ssh_known_hosts_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1215
+msgid ""
+"How many seconds to keep a host in the managed known_hosts file after its "
+"host keys were requested."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219
+msgid "Default: 180"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1224
+msgid "ca_db (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1227
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1232
+msgid "Default: /etc/pki/nssdb"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1240
+msgid "PAC responder configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1242
+msgid ""
+"The PAC responder works together with the authorization data plugin for MIT "
+"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
+"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain "
+"provider collects domain SID and ID ranges of the domain the client is "
+"joined to and of remote trusted domains from the local domain controller. "
+"If the PAC is decoded and evaluated some of the following operations are "
+"done:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1251
+msgid ""
+"If the remote user does not exist in the cache, it is created. The uid is "
+"determined with the help of the SID, trusted domains will have UPGs and the "
+"gid will have the same value as the uid. The home directory is set based on "
+"the subdomain_homedir parameter. The shell will be empty by default, i.e. "
+"the system defaults are used, but can be overwritten with the default_shell "
+"parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1259
+msgid ""
+"If there are SIDs of groups from domains sssd knows about, the user will be "
+"added to those groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1265
+msgid "These options can be used to configure the PAC responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
+msgid "allowed_uids (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1272
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the PAC responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1278
+msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1282
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the PAC responder, which would be the typical case, you have to add 0 "
+"to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:1309
+msgid "DOMAIN SECTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1316
+msgid "min_id,max_id (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1319
+msgid ""
+"UID and GID limits for the domain. If a domain contains an entry that is "
+"outside these limits, it is ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1324
+msgid ""
+"For users, this affects the primary GID limit. The user will not be returned "
+"to NSS if either the UID or the primary GID is outside the range. For non-"
+"primary group memberships, those that are in range will be reported as "
+"expected."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1331
+msgid ""
+"These ID limits affect even saving entries to cache, not only returning them "
+"by name or ID."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1335
+msgid "Default: 1 for min_id, 0 (no limit) for max_id"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1341
+msgid "enumerate (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1344
+msgid ""
+"Determines if a domain can be enumerated. This parameter can have one of the "
+"following values:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1348
+msgid "TRUE = Users and groups are enumerated"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1351
+msgid "FALSE = No enumerations for this domain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
+msgid "Default: FALSE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1357
+msgid ""
+"Note: Enabling enumeration has a moderate performance impact on SSSD while "
+"enumeration is running. It may take up to several minutes after SSSD startup "
+"to fully complete enumerations. During this time, individual requests for "
+"information will go directly to LDAP, though it may be slow, due to the "
+"heavy enumeration processing. Saving a large number of entries to cache "
+"after the enumeration completes might also be CPU intensive as the "
+"memberships have to be recomputed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1370
+msgid ""
+"While the first enumeration is running, requests for the complete user or "
+"group lists may return no results until it completes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1375
+msgid ""
+"Further, enabling enumeration may increase the time necessary to detect "
+"network disconnection, as longer timeouts are required to ensure that "
+"enumeration lookups are completed successfully. For more information, refer "
+"to the man pages for the specific id_provider in use."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1383
+msgid ""
+"For the reasons cited above, enabling enumeration is not recommended, "
+"especially in large environments."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1391
+msgid "subdomain_enumerate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1398
+msgid "all"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1399
+msgid "All discovered trusted domains will be enumerated"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1402
+msgid "none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1403
+msgid "No discovered trusted domains will be enumerated"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1394
+msgid ""
+"Whether any of autodetected trusted domains should be enumerated. The "
+"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
+"Optionally, a list of one or more domain names can enable enumeration just "
+"for these trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1434
+msgid "entry_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1437
+msgid ""
+"How many seconds should nss_sss consider entries valid before asking the "
+"backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1441
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1454
+msgid "Default: 5400"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1460
+msgid "entry_cache_user_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1463
+msgid ""
+"How many seconds should nss_sss consider user entries valid before asking "
+"the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
+msgid "Default: entry_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1473
+msgid "entry_cache_group_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1476
+msgid ""
+"How many seconds should nss_sss consider group entries valid before asking "
+"the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1486
+msgid "entry_cache_netgroup_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1489
+msgid ""
+"How many seconds should nss_sss consider netgroup entries valid before "
+"asking the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1499
+msgid "entry_cache_service_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1502
+msgid ""
+"How many seconds should nss_sss consider service entries valid before asking "
+"the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1512
+msgid "entry_cache_sudo_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1515
+msgid ""
+"How many seconds should sudo consider rules valid before asking the backend "
+"again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1525
+msgid "entry_cache_autofs_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1528
+msgid ""
+"How many seconds should the autofs service consider automounter maps valid "
+"before asking the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1539
+msgid "entry_cache_ssh_host_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1542
+msgid ""
+"How many seconds to keep a host ssh key after refresh. IE how long to cache "
+"the host key for."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1553
+msgid "refresh_expired_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1556
+msgid ""
+"Specifies how many seconds SSSD has to wait before triggering a background "
+"refresh task which will refresh all expired or nearly expired records."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1561
+msgid ""
+"The background refresh will process users, groups and netgroups in the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1565
+msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+msgid "Default: 0 (disabled)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1575
+msgid "cache_credentials (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1578
+msgid "Determines if user credentials are also cached in the local LDB cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1582
+msgid "User credentials are stored in a SHA512 hash, not in plaintext"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1592
+msgid "cache_credentials_minimal_first_factor_length (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1595
+msgid ""
+"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
+"this value determines the minimal length the first authentication factor "
+"(long term password) must have to be saved as SHA512 hash into the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1602
+msgid ""
+"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
+"the cache which would make them easy targets for brute-force attacks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1607
+msgid "Default: 8"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613
+msgid "account_cache_expiration (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616
+msgid ""
+"Number of days entries are left in cache after last successful login before "
+"being removed during a cleanup of the cache. 0 means keep forever. The "
+"value of this parameter must be greater than or equal to "
+"offline_credentials_expiration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623
+msgid "Default: 0 (unlimited)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628
+msgid "pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1639
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1646
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1652
+msgid "id_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1655
+msgid ""
+"The identification provider used for the domain. Supported ID providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1659
+msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1666
+msgid ""
+"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
+msgid ""
+"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
+"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
+"FreeIPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
+msgid ""
+"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring Active Directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1694
+msgid "use_fully_qualified_names (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1697
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1702
+msgid ""
+"If set to TRUE, all requests to this domain must use fully qualified names. "
+"For example, if used in LOCAL domain that contains a \"test\" user, "
+"<command>getent passwd test</command> wouldn't find the user while "
+"<command>getent passwd test@LOCAL</command> would."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1710
+msgid ""
+"NOTE: This option has no effect on netgroup lookups due to their tendency to "
+"include nested netgroups without qualified names. For netgroups, all domains "
+"will be searched when an unqualified name is requested."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1717
+msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1723
+msgid "ignore_group_members (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1726
+msgid "Do not return group members for group lookups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1729
+msgid ""
+"If set to TRUE, the group membership attribute is not requested from the "
+"ldap server, and group members are not returned when processing group lookup "
+"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> "
+"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </"
+"citerefentry>. As an effect, <quote>getent group $groupname</quote> would "
+"return the requested group as if it was empty."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1747
+msgid ""
+"Enabling this option can also make access provider checks for group "
+"membership significantly faster, especially for groups containing many "
+"members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1758
+msgid "auth_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1761
+msgid ""
+"The authentication provider used for the domain. Supported auth providers "
+"are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
+msgid ""
+"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1772
+msgid ""
+"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1796
+msgid ""
+"<quote>proxy</quote> for relaying authentication to some other PAM target."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1803
+msgid "<quote>none</quote> disables authentication explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1806
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can handle "
+"authentication requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1812
+msgid "access_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1815
+msgid ""
+"The access control provider used for the domain. There are two built-in "
+"access providers (in addition to any included in installed backends) "
+"Internal special providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1821
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1824
+msgid "<quote>deny</quote> always deny access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1851
+msgid ""
+"<quote>simple</quote> access control based on access or deny lists. See "
+"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for more information on configuring the simple "
+"access module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
+msgid "Default: <quote>permit</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1873
+msgid "chpass_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1876
+msgid ""
+"The provider which should handle change password operations for the domain. "
+"Supported change password providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1881
+msgid ""
+"<quote>ldap</quote> to change a password stored in a LDAP server. See "
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1889
+msgid ""
+"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1914
+msgid ""
+"<quote>proxy</quote> for relaying password changes to some other PAM target."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1918
+msgid "<quote>none</quote> disallows password changes explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1921
+msgid ""
+"Default: <quote>auth_provider</quote> is used if it is set and can handle "
+"change password requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1928
+msgid "sudo_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1931
+msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1935
+msgid ""
+"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1943
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1947
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1951
+msgid "<quote>none</quote> disables SUDO explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
+msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1958
+msgid ""
+"The detailed instructions for configuration of sudo_provider are in the "
+"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration "
+"options that can be used to adjust the behavior. Please refer to "
+"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1975
+msgid "selinux_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1978
+msgid ""
+"The provider which should handle loading of selinux settings. Note that this "
+"provider will be called right after access provider ends. Supported selinux "
+"providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1984
+msgid ""
+"<quote>ipa</quote> to load selinux settings from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1992
+msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1995
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can handle "
+"selinux loading requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2001
+msgid "subdomains_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2004
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2010
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2019
+msgid ""
+"<quote>ad</quote> to load a list of subdomains from an Active Directory "
+"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
+"the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2028
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2039
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2042
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2046
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2053
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2080
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2083
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2087
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2095
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2108
+msgid ""
+"Regular expression for this domain that describes how to parse the string "
+"containing user name and domain into these components. The \"domain\" can "
+"match either the SSSD configuration domain name, or, in the case of IPA "
+"trust subdomains and Active Directory domains, the flat (NetBIOS) name of "
+"the domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2117
+msgid ""
+"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
+"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
+"P&lt;name&gt;[^@\\\\]+)$))</quote> which allows three different styles for "
+"user names:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2122
+msgid "username"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2125
+msgid "username@domain.name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2128
+msgid "domain\\username"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2131
+msgid ""
+"While the first two correspond to the general default the third one is "
+"introduced to allow easy integration of users from Windows domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2136
+msgid ""
+"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
+"which translates to \"the name is everything up to the <quote>@</quote> "
+"sign, the domain everything after that\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2142
+msgid ""
+"PLEASE NOTE: the support for non-unique named subpatterns is not available "
+"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
+"version 7 or higher can support non-unique named subpatterns."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2149
+msgid ""
+"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
+"P&lt;name&gt;) to label subpatterns."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2196
+msgid "Default: <quote>%1$s@%2$s</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2202
+msgid "lookup_family_order (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2205
+msgid ""
+"Provides the ability to select preferred address family to use when "
+"performing DNS lookups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2209
+msgid "Supported values:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2212
+msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2215
+msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2218
+msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2221
+msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2224
+msgid "Default: ipv4_first"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2230
+msgid "dns_resolver_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2233
+msgid ""
+"Defines the amount of time (in seconds) to wait for a reply from the DNS "
+"resolver before assuming that it is unreachable. If this timeout is reached, "
+"the domain will continue to operate in offline mode."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
+msgid "Default: 6"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2245
+msgid "dns_discovery_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2248
+msgid ""
+"If service discovery is used in the back end, specifies the domain part of "
+"the service discovery DNS query."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2252
+msgid "Default: Use the domain part of machine's hostname"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2258
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2261
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2267
+msgid "case_sensitive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2275
+msgid "True"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2278
+msgid "Case sensitive. This value is invalid for AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2284
+msgid "False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2286
+msgid "Case insensitive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2290
+msgid "Preserving"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2293
+msgid ""
+"Same as False (case insensitive), but does not lowercase names in the result "
+"of NSS operations. Note that name aliases (and in case of services also "
+"protocol names) are still lowercased in the output."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2270
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider. Possible option values are: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2305
+msgid "Default: True (False for AD provider)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2314
+msgid ""
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
+msgid "subdomain_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2363
+msgid "%F"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2364
+msgid "flat (NetBIOS) name of a subdomain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2355
+msgid ""
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2369
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2373
+msgid "Default: <filename>/home/%d/%u</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2378
+msgid "realmd_tags (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2381
+msgid ""
+"Various tags stored by the realmd configuration service for this domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2387
+msgid "cached_auth_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2390
+msgid ""
+"Specifies time in seconds since last successful online authentication for "
+"which user will be authenticated using cached credentials while SSSD is in "
+"the online mode."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2396
+msgid "Special value 0 implies that this feature is disabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2400
+msgid ""
+"Please note that if <quote>cached_auth_timeout</quote> is longer than "
+"<quote>pam_id_timeout</quote> then the back end could be called to handle "
+"<quote>initgroups.</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:1311
+msgid ""
+"These configuration options can be present in a domain configuration "
+"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
+"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2418
+msgid "proxy_pam_target (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2421
+msgid "The proxy target PAM proxies to."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2424
+msgid ""
+"Default: not set by default, you have to take an existing pam configuration "
+"or create a new one and add the service name here."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2432
+msgid "proxy_lib_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"The name of the NSS library to use in proxy domains. The NSS functions "
+"searched for in the library are in the form of _nss_$(libName)_$(function), "
+"for example _nss_files_getpwent."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:2414
+msgid ""
+"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
+"\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:2465
+msgid "The local domain section"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:2467
+msgid ""
+"This section contains settings for domain that stores users and groups in "
+"SSSD native database, that is, a domain that uses "
+"<replaceable>id_provider=local</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2474
+msgid "default_shell (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2477
+msgid "The default shell for users created with SSSD userspace tools."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2481
+msgid "Default: <filename>/bin/bash</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2486
+msgid "base_directory (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2489
+msgid ""
+"The tools append the login name to <replaceable>base_directory</replaceable> "
+"and use that as the home directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2494
+msgid "Default: <filename>/home</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2499
+msgid "create_homedir (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2502
+msgid ""
+"Indicate if a home directory should be created by default for new users. "
+"Can be overridden on command line."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
+msgid "Default: TRUE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2511
+msgid "remove_homedir (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2514
+msgid ""
+"Indicate if a home directory should be removed by default for deleted "
+"users. Can be overridden on command line."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2523
+msgid "homedir_umask (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2526
+msgid ""
+"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
+"on a newly created home directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2534
+msgid "Default: 077"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2539
+msgid "skel_dir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2542
+msgid ""
+"The skeleton directory, which contains files and directories to be copied in "
+"the user's home directory, when the home directory is created by "
+"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2552
+msgid "Default: <filename>/etc/skel</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2557
+msgid "mail_dir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2560
+msgid ""
+"The mail spool directory. This is needed to manipulate the mailbox when its "
+"corresponding user account is modified or deleted. If not specified, a "
+"default value is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2567
+msgid "Default: <filename>/var/mail</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2572
+msgid "userdel_cmd (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2575
+msgid ""
+"The command that is run after a user is removed. The command us passed the "
+"username of the user being removed as the first and only parameter. The "
+"return code of the command is not taken into account."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2581
+msgid "Default: None, no command is run"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
+#: sss_rpcidmapd.5.xml:98
+msgid "EXAMPLE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:2597
+#, no-wrap
+msgid ""
+"[sssd]\n"
+"domains = LDAP\n"
+"services = nss, pam\n"
+"config_file_version = 2\n"
+"\n"
+"[nss]\n"
+"filter_groups = root\n"
+"filter_users = root\n"
+"\n"
+"[pam]\n"
+"\n"
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"ldap_uri = ldap://ldap.example.com\n"
+"ldap_search_base = dc=example,dc=com\n"
+"\n"
+"auth_provider = krb5\n"
+"krb5_server = kerberos.example.com\n"
+"krb5_realm = EXAMPLE.COM\n"
+"cache_credentials = true\n"
+"\n"
+"min_id = 10000\n"
+"max_id = 20000\n"
+"enumerate = False\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:2593
+msgid ""
+"The following example shows a typical SSSD config. It does not describe "
+"configuration of the domains themselves - refer to documentation on "
+"configuring domains for more details. <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
+msgid "sssd-ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:23
+msgid ""
+"This manual page describes the configuration of LDAP domains for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for detailed syntax information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:35
+msgid "You can configure SSSD to use more than one LDAP domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:38
+msgid ""
+"LDAP back end supports id, auth, access and chpass providers. If you want to "
+"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
+"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
+"over an unencrypted channel. If the LDAP server is used only as an identity "
+"provider, an encrypted channel is not needed. Please refer to "
+"<quote>ldap_access_filter</quote> config option for more information about "
+"using LDAP as an access provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
+msgid "CONFIGURATION OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:60
+msgid "ldap_uri, ldap_backup_uri (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:63
+msgid ""
+"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
+"should connect in the order of preference. Refer to the <quote>FAILOVER</"
+"quote> section for more information on failover and server redundancy. If "
+"neither option is specified, service discovery is enabled. For more "
+"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:70
+msgid "The format of the URI must match the format defined in RFC 2732:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:73
+msgid "ldap[s]://&lt;host&gt;[:port]"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:76
+msgid ""
+"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:79
+msgid "example: ldap://[fc00::126:25]:389"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:85
+msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:88
+msgid ""
+"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
+"should connect in the order of preference to change the password of a user. "
+"Refer to the <quote>FAILOVER</quote> section for more information on "
+"failover and server redundancy."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:95
+msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:99
+msgid "Default: empty, i.e. ldap_uri is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:105
+msgid "ldap_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:108
+msgid "The default base DN to use for performing LDAP user operations."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:112
+msgid ""
+"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
+"syntax:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:116
+msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:119
+msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
+msgid ""
+"The filter must be a valid LDAP search filter as specified by http://www."
+"ietf.org/rfc/rfc2254.txt"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
+msgid "Examples:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:129
+msgid ""
+"ldap_search_base = dc=example,dc=com (which is equivalent to) "
+"ldap_search_base = dc=example,dc=com?subtree?"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:134
+msgid ""
+"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
+"(host=thishost)?dc=example.com?subtree?"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:137
+msgid ""
+"Note: It is unsupported to have multiple search bases which reference "
+"identically-named objects (for example, groups with the same name in two "
+"different search bases). This will lead to unpredictable behavior on client "
+"machines."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:144
+msgid ""
+"Default: If not set, the value of the defaultNamingContext or namingContexts "
+"attribute from the RootDSE of the LDAP server is used. If "
+"defaultNamingContext does not exist or has an empty value namingContexts is "
+"used. The namingContexts attribute must have a single value with the DN of "
+"the search base of the LDAP server to make this work. Multiple values are "
+"are not supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:158
+msgid "ldap_schema (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:161
+msgid ""
+"Specifies the Schema Type in use on the target LDAP server. Depending on "
+"the selected schema, the default attribute names retrieved from the servers "
+"may vary. The way that some attributes are handled may also differ."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:168
+msgid "Four schema types are currently supported:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:172
+msgid "rfc2307"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:177
+msgid "rfc2307bis"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:182
+msgid "IPA"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:187
+msgid "AD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:193
+msgid ""
+"The main difference between these schema types is how group memberships are "
+"recorded in the server. With rfc2307, group members are listed by name in "
+"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, "
+"group members are listed by DN and stored in the <emphasis>member</emphasis> "
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:203
+msgid "Default: rfc2307"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:209
+msgid "ldap_default_bind_dn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:212
+msgid "The default bind DN to use for performing LDAP operations."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:219
+msgid "ldap_default_authtok_type (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:222
+msgid "The type of the authentication token of the default bind DN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:226
+msgid "The two mechanisms currently supported are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:229
+msgid "password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:232
+msgid "obfuscated_password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:235
+msgid "Default: password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:241
+msgid "ldap_default_authtok (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:244
+msgid ""
+"The authentication token of the default bind DN. Only clear text passwords "
+"are currently supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:251
+msgid "ldap_user_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:254
+msgid "The object class of a user entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:257
+msgid "Default: posixAccount"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:263
+msgid "ldap_user_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:266
+msgid "The LDAP attribute that corresponds to the user's login name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:270
+msgid "Default: uid"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:276
+msgid "ldap_user_uid_number (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:279
+msgid "The LDAP attribute that corresponds to the user's id."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:283
+msgid "Default: uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:289
+msgid "ldap_user_gid_number (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:292
+msgid "The LDAP attribute that corresponds to the user's primary group id."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863
+msgid "Default: gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:302
+msgid "ldap_user_gecos (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:305
+msgid "The LDAP attribute that corresponds to the user's gecos field."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:309
+msgid "Default: gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:315
+msgid "ldap_user_home_directory (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:318
+msgid "The LDAP attribute that contains the name of the user's home directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:322
+msgid "Default: homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:328
+msgid "ldap_user_shell (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:331
+msgid "The LDAP attribute that contains the path to the user's default shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:335
+msgid "Default: loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:341
+msgid "ldap_user_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:344
+msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889
+msgid ""
+"Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
+"IPA"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:355
+msgid "ldap_user_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:358
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:370
+msgid "ldap_user_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
+msgid ""
+"The LDAP attribute that contains timestamp of the last modification of the "
+"parent object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
+msgid "Default: modifyTimestamp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:383
+msgid "ldap_user_shadow_last_change (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:386
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
+"the last password change)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:396
+msgid "Default: shadowLastChange"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:402
+msgid "ldap_user_shadow_min (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:405
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
+"password age)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:414
+msgid "Default: shadowMin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:420
+msgid "ldap_user_shadow_max (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:423
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
+"password age)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:432
+msgid "Default: shadowMax"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:438
+msgid "ldap_user_shadow_warning (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:441
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
+"(password warning period)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:451
+msgid "Default: shadowWarning"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:457
+msgid "ldap_user_shadow_inactive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:460
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
+"(password inactivity period)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:470
+msgid "Default: shadowInactive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:476
+msgid "ldap_user_shadow_expire (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:479
+msgid ""
+"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
+"parameter contains the name of an LDAP attribute corresponding to its "
+"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> counterpart (account expiration date)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:489
+msgid "Default: shadowExpire"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:495
+msgid "ldap_user_krb_last_pwd_change (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:498
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
+"an LDAP attribute storing the date and time of last password change in "
+"kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:504
+msgid "Default: krbLastPwdChange"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:510
+msgid "ldap_user_krb_password_expiration (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:513
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
+"an LDAP attribute storing the date and time when current password expires."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:519
+msgid "Default: krbPasswordExpiration"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:525
+msgid "ldap_user_ad_account_expires (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:528
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the expiration time of the account."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:533
+msgid "Default: accountExpires"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:539
+msgid "ldap_user_ad_user_account_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:542
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the user account control bit field."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:547
+msgid "Default: userAccountControl"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:553
+msgid "ldap_ns_account_lock (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:556
+msgid ""
+"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
+"determines if access is allowed or not."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:561
+msgid "Default: nsAccountLock"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:567
+msgid "ldap_user_nds_login_disabled (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:570
+msgid ""
+"When using ldap_account_expire_policy=nds, this attribute determines if "
+"access is allowed or not."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588
+msgid "Default: loginDisabled"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:580
+msgid "ldap_user_nds_login_expiration_time (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:583
+msgid ""
+"When using ldap_account_expire_policy=nds, this attribute determines until "
+"which date access is granted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:594
+msgid "ldap_user_nds_login_allowed_time_map (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:597
+msgid ""
+"When using ldap_account_expire_policy=nds, this attribute determines the "
+"hours of a day in a week when access is granted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:602
+msgid "Default: loginAllowedTimeMap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:608
+msgid "ldap_user_principal (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:611
+msgid ""
+"The LDAP attribute that contains the user's Kerberos User Principal Name "
+"(UPN)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:615
+msgid "Default: krbPrincipalName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:621
+msgid "ldap_user_extra_attrs (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:624
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:629
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:639
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:649
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:652
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:656
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:659
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:669
+msgid "ldap_user_ssh_public_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:672
+msgid "The LDAP attribute that contains the user's SSH public keys."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:676
+msgid "Default: sshPublicKey"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:682
+msgid "ldap_force_upper_case_realm (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:685
+msgid ""
+"Some directory servers, for example Active Directory, might deliver the "
+"realm part of the UPN in lower case, which might cause the authentication to "
+"fail. Set this option to a non-zero value if you want to use an upper-case "
+"realm."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:698
+msgid "ldap_enumeration_refresh_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:701
+msgid ""
+"Specifies how many seconds SSSD has to wait before refreshing its cache of "
+"enumerated records."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:712
+msgid "ldap_purge_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:715
+msgid ""
+"Determine how often to check the cache for inactive entries (such as groups "
+"with no members and users who have never logged in) and remove them to save "
+"space."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:721
+msgid ""
+"Setting this option to zero will disable the cache cleanup operation. Please "
+"note that if enumeration is enabled, the cleanup task is required in order "
+"to detect entries removed from the server and can't be disabled. By default, "
+"the cleanup task will run every 3 hours with enumeration enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:736
+msgid "ldap_user_fullname (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:739
+msgid "The LDAP attribute that corresponds to the user's full name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
+msgid "Default: cn"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:749
+msgid "ldap_user_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:752
+msgid "The LDAP attribute that lists the user's group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:756
+msgid "Default: memberOf"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:762
+msgid "ldap_user_authorized_service (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:765
+msgid ""
+"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
+"use the presence of the authorizedService attribute in the user's LDAP entry "
+"to determine access privilege."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:772
+msgid ""
+"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
+"explicit allow (svc) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:777
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>authorized_service</quote> in order for the "
+"ldap_user_authorized_service option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:784
+msgid "Default: authorizedService"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:790
+msgid "ldap_user_authorized_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
+"presence of the host attribute in the user's LDAP entry to determine access "
+"privilege."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:799
+msgid ""
+"An explicit deny (!host) is resolved first. Second, SSSD searches for "
+"explicit allow (host) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:804
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>host</quote> in order for the "
+"ldap_user_authorized_host option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:811
+msgid "Default: host"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:817
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:820
+msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:824
+msgid "Default: no set in the general case, userCertificate;binary for IPA"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:831
+msgid "ldap_group_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:834
+msgid "The object class of a group entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:837
+msgid "Default: posixGroup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:843
+msgid "ldap_group_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:846
+msgid "The LDAP attribute that corresponds to the group name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:856
+msgid "ldap_group_gid_number (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:859
+msgid "The LDAP attribute that corresponds to the group's id."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:869
+msgid "ldap_group_member (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:872
+msgid "The LDAP attribute that contains the names of the group's members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:876
+msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:882
+msgid "ldap_group_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:885
+msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:896
+msgid "ldap_group_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:899
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:911
+msgid "ldap_group_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:924
+msgid "ldap_group_type (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:927
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:932
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:938
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:945
+msgid "ldap_group_external_member (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
+"If ldap_schema is set to a schema format that supports nested groups (e.g. "
+"RFC2307bis), then this option controls how many levels of nesting SSSD will "
+"follow. This option has no effect on the RFC2307 schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Note: This option specifies the guaranteed level of nested groups to be "
+"processed for any lookup. However, nested groups beyond this limit "
+"<emphasis>may be</emphasis> returned if previous lookups already resolved "
+"the deeper nesting levels. Also, subsequent lookups for other groups may "
+"enlarge the result set for original lookup if re-queried."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:980
+msgid ""
+"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:989
+msgid "Default: 2"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:995
+msgid "ldap_groups_use_matching_rule_in_chain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:998
+msgid ""
+"This option tells SSSD to take advantage of an Active Directory-specific "
+"feature which may speed up group lookup operations on deployments with "
+"complex or deep nested groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1004
+msgid ""
+"In most common cases, it is best to leave this option disabled. It generally "
+"only provides a performance increase on very complex nestings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
+msgid ""
+"If this option is enabled, SSSD will use it if it detects that the server "
+"supports it during initial connection. So \"True\" here essentially means "
+"\"auto-detect\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
+msgid ""
+"Note: This feature is currently known to work only with Active Directory "
+"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
+"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> "
+"for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1027
+msgid "ldap_initgroups_use_matching_rule_in_chain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1030
+msgid ""
+"This option tells SSSD to take advantage of an Active Directory-specific "
+"feature which might speed up initgroups operations (most notably when "
+"dealing with complex or deep nested groups)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1057
+msgid ""
+"This options enables or disables use of Token-Groups attribute when "
+"performing initgroup for users from Active Directory Server 2008 and later."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1062
+msgid "Default: True for AD and IPA otherwise False."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1068
+msgid "ldap_netgroup_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1071
+msgid "The object class of a netgroup entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1074
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1078
+msgid "Default: nisNetgroup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1084
+msgid "ldap_netgroup_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1087
+msgid "The LDAP attribute that corresponds to the netgroup name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1091
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1101
+msgid "ldap_netgroup_member (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1104
+msgid "The LDAP attribute that contains the names of the netgroup's members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1108
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1112
+msgid "Default: memberNisNetgroup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1118
+msgid "ldap_netgroup_triple (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1121
+msgid ""
+"The LDAP attribute that contains the (host, user, domain) netgroup triples."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1128
+msgid "Default: nisNetgroupTriple"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1134
+msgid "ldap_netgroup_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1150
+msgid "ldap_service_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1153
+msgid "The object class of a service entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1156
+msgid "Default: ipService"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1162
+msgid "ldap_service_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1165
+msgid ""
+"The LDAP attribute that contains the name of service attributes and their "
+"aliases."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1175
+msgid "ldap_service_port (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1178
+msgid "The LDAP attribute that contains the port managed by this service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1182
+msgid "Default: ipServicePort"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1188
+msgid "ldap_service_proto (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1191
+msgid ""
+"The LDAP attribute that contains the protocols understood by this service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1195
+msgid "Default: ipServiceProtocol"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1201
+msgid "ldap_service_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1206
+msgid "ldap_search_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1209
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches are allowed to run "
+"before they are cancelled and cached results are returned (and offline mode "
+"is entered)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1215
+msgid ""
+"Note: this option is subject to change in future versions of the SSSD. It "
+"will likely be replaced at some point by a series of timeouts for specific "
+"lookup types."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1227
+msgid "ldap_enumeration_search_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1230
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches for user and group "
+"enumerations are allowed to run before they are cancelled and cached results "
+"are returned (and offline mode is entered)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1243
+msgid "ldap_network_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1246
+msgid ""
+"Specifies the timeout (in seconds) after which the <citerefentry> "
+"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
+"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
+"manvolnum> </citerefentry> following a <citerefentry> "
+"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
+"citerefentry> returns in case of no activity."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1269
+msgid "ldap_opt_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1272
+msgid ""
+"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
+"will abort if no response is received. Also controls the timeout when "
+"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind "
+"operation, password change extended operation and the StartTLS operation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1287
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1290
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1304
+msgid "ldap_page_size (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1307
+msgid ""
+"Specify the number of records to retrieve from LDAP in a single request. "
+"Some LDAP servers enforce a maximum limit per-request."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1312
+msgid "Default: 1000"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1318
+msgid "ldap_disable_paging (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1321
+msgid ""
+"Disable the LDAP paging control. This option should be used if the LDAP "
+"server reports that it supports the LDAP paging control in its RootDSE but "
+"it is not enabled or does not behave properly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1327
+msgid ""
+"Example: OpenLDAP servers with the paging control module installed on the "
+"server but not enabled will report it in the RootDSE but be unable to use it."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1333
+msgid ""
+"Example: 389 DS has a bug where it can only support a one paging control at "
+"a time on a single connection. On busy clients, this can result in some "
+"requests being denied."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1345
+msgid "ldap_disable_range_retrieval (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1348
+msgid "Disable Active Directory range retrieval."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1351
+msgid ""
+"Active Directory limits the number of members to be retrieved in a single "
+"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
+"group contains more members, the reply would include an AD-specific range "
+"extension. This option disables parsing of the range extension, therefore "
+"large groups will appear as having no members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1366
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1369
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1375
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1382
+msgid "ldap_deref_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1385
+msgid ""
+"Specify the number of group members that must be missing from the internal "
+"cache in order to trigger a dereference lookup. If less members are missing, "
+"they are looked up individually."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1391
+msgid ""
+"You can turn off dereference lookups completely by setting the value to 0."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1395
+msgid ""
+"A dereference lookup is a means of fetching all group members in a single "
+"LDAP call. Different LDAP servers may implement different dereference "
+"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
+"Directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1403
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1416
+msgid "ldap_tls_reqcert (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1419
+msgid ""
+"Specifies what checks to perform on server certificates in a TLS session, if "
+"any. It can be specified as one of the following values:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1425
+msgid ""
+"<emphasis>never</emphasis> = The client will not request or check any server "
+"certificate."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1429
+msgid ""
+"<emphasis>allow</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate "
+"is provided, it will be ignored and the session proceeds normally."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1436
+msgid ""
+"<emphasis>try</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate "
+"is provided, the session is immediately terminated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1442
+msgid ""
+"<emphasis>demand</emphasis> = The server certificate is requested. If no "
+"certificate is provided, or a bad certificate is provided, the session is "
+"immediately terminated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1448
+msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1452
+msgid "Default: hard"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1458
+msgid "ldap_tls_cacert (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1461
+msgid ""
+"Specifies the file that contains certificates for all of the Certificate "
+"Authorities that <command>sssd</command> will recognize."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
+msgid ""
+"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
+"conf</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1473
+msgid "ldap_tls_cacertdir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1476
+msgid ""
+"Specifies the path of a directory that contains Certificate Authority "
+"certificates in separate individual files. Typically the file names need to "
+"be the hash of the certificate followed by '.0'. If available, "
+"<command>cacertdir_rehash</command> can be used to create the correct names."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1491
+msgid "ldap_tls_cert (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1494
+msgid "Specifies the file that contains the certificate for the client's key."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1504
+msgid "ldap_tls_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1507
+msgid "Specifies the file that contains the client's key."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1516
+msgid "ldap_tls_cipher_suite (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1519
+msgid ""
+"Specifies acceptable cipher suites. Typically this is a colon separated "
+"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for format."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1532
+msgid "ldap_id_use_start_tls (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1535
+msgid ""
+"Specifies that the id_provider connection must also use <systemitem class="
+"\"protocol\">tls</systemitem> to protect the channel."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1545
+msgid "ldap_id_mapping (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1548
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1554
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1564
+msgid "ldap_min_id, ldap_max_id (interger)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1567
+msgid ""
+"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
+"set to true the allowed ID range for ldap_user_uid_number and "
+"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this "
+"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id "
+"can be set to restrict the allowed range for the IDs which are read directly "
+"from the server. Sub-domains can then pick other ranges to map IDs."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1579
+msgid "Default: not set (both options are set to 0)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1585
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1588
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1598
+msgid "ldap_sasl_authid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1601
+msgid ""
+"Specify the SASL authorization id to use. When GSSAPI is used, this "
+"represents the Kerberos principal used for authentication to the directory. "
+"This option can either contain the full principal (for example host/"
+"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1609
+msgid "Default: host/hostname@REALM"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1615
+msgid "ldap_sasl_realm (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1618
+msgid ""
+"Specify the SASL realm to use. When not specified, this option defaults to "
+"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
+"well, this option is ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1624
+msgid "Default: the value of krb5_realm."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1630
+msgid "ldap_sasl_canonicalize (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1633
+msgid ""
+"If set to true, the LDAP library would perform a reverse lookup to "
+"canonicalize the host name during a SASL bind."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1638
+msgid "Default: false;"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1644
+msgid "ldap_krb5_keytab (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1647
+msgid "Specify the keytab to use when using SASL/GSSAPI."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1650
+msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1656
+msgid "ldap_krb5_init_creds (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1659
+msgid ""
+"Specifies that the id_provider should init Kerberos credentials (TGT). This "
+"action is performed only if SASL is used and the mechanism selected is "
+"GSSAPI."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1671
+msgid "ldap_krb5_ticket_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1674
+msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
+msgid "Default: 86400 (24 hours)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
+msgid "krb5_server, krb5_backup_server (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1687
+msgid ""
+"Specifies the comma-separated list of IP addresses or hostnames of the "
+"Kerberos servers to which SSSD should connect in the order of preference. "
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
+"colon) may be appended to the addresses or hostnames. If empty, service "
+"discovery is enabled - for more information, refer to the <quote>SERVICE "
+"DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
+msgid ""
+"When using service discovery for KDC or kpasswd servers, SSSD first searches "
+"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
+"none are found."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
+msgid ""
+"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
+"While the legacy name is recognized for the time being, users are advised to "
+"migrate their config files to use <quote>krb5_server</quote> instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+msgid "krb5_realm (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1716
+msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1719
+msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+msgid "krb5_canonicalize (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1728
+msgid ""
+"Specifies if the host principal should be canonicalized when connecting to "
+"LDAP server. This feature is available with MIT Kerberos >= 1.7"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
+msgid "krb5_use_kdcinfo (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
+msgid ""
+"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
+"which KDCs to use. This option is on by default, if you disable it, you need "
+"to configure the Kerberos library using the <citerefentry> "
+"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> configuration file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
+msgid ""
+"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
+"information on the locator plugin."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1768
+msgid "ldap_pwd_policy (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1771
+msgid ""
+"Select the policy to evaluate the password expiration on the client side. "
+"The following values are allowed:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1776
+msgid ""
+"<emphasis>none</emphasis> - No evaluation on the client side. This option "
+"cannot disable server-side password policies."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1781
+msgid ""
+"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
+"evaluate if the password has expired."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1787
+msgid ""
+"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
+"to determine if the password has expired. Use chpass_provider=krb5 to update "
+"these attributes when the password is changed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1796
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1804
+msgid "ldap_referrals (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1807
+msgid "Specifies whether automatic referral chasing should be enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1811
+msgid ""
+"Please note that sssd only supports referral chasing when it is compiled "
+"with OpenLDAP version 2.4.13 or higher."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1816
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1830
+msgid "ldap_dns_service_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1833
+msgid "Specifies the service name to use when service discovery is enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1837
+msgid "Default: ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1843
+msgid "ldap_chpass_dns_service_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1846
+msgid ""
+"Specifies the service name to use to find an LDAP server which allows "
+"password changes when service discovery is enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1851
+msgid "Default: not set, i.e. service discovery is disabled"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1857
+msgid "ldap_chpass_update_last_change (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1860
+msgid ""
+"Specifies whether to update the ldap_user_shadow_last_change attribute with "
+"days since the Epoch after a password change operation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1872
+msgid "ldap_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1875
+msgid ""
+"If using access_provider = ldap and ldap_access_order = filter (default), "
+"this option is mandatory. It specifies an LDAP search filter criteria that "
+"must be met for the user to be granted access on this host. If "
+"access_provider = ldap, ldap_access_order = filter and this option is not "
+"set, it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only and thus filtering based on nested "
+"groups may not work (e.g. memberOf attribute on AD entries points only to "
+"direct parents). If filtering based on nested groups is required, please see "
+"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1895
+msgid "Example:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ldap.5.xml:1898
+#, no-wrap
+msgid ""
+"access_provider = ldap\n"
+"ldap_access_filter = (employeeType=admin)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1902
+msgid ""
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1907
+msgid ""
+"Offline caching for this feature is limited to determining whether the "
+"user's last online login was granted access permission. If they were granted "
+"access during their last login, they will continue to be granted access "
+"while offline and vice-versa."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
+msgid "Default: Empty"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1921
+msgid "ldap_account_expire_policy (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1924
+msgid ""
+"With this option a client side evaluation of access control attributes can "
+"be enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1928
+msgid ""
+"Please note that it is always recommended to use server side access control, "
+"i.e. the LDAP server should deny the bind request with a suitable error code "
+"even if the password is correct."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1935
+msgid "The following values are allowed:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1938
+msgid ""
+"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
+"determine if the account is expired."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1943
+msgid ""
+"<emphasis>ad</emphasis>: use the value of the 32bit field "
+"ldap_user_ad_user_account_control and allow access if the second bit is not "
+"set. If the attribute is missing access is granted. Also the expiration time "
+"of the account is checked."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1950
+msgid ""
+"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
+"emphasis>: use the value of ldap_ns_account_lock to check if access is "
+"allowed or not."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1956
+msgid ""
+"<emphasis>nds</emphasis>: the values of "
+"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
+"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
+"If both attributes are missing access is granted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1965
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>expire</quote> in order for the "
+"ldap_account_expire_policy option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1978
+msgid "ldap_access_order (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1981
+msgid "Comma separated list of access control options. Allowed values are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1985
+msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1988
+msgid ""
+"<emphasis>lockout</emphasis>: use account locking. If set, this option "
+"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
+"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. "
+"Please note that 'access_provider = ldap' must be set for this feature to "
+"work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1998
+msgid ""
+"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
+"quote> option and might be removed in a future release. </emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2005
+msgid ""
+"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
+"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
+"and has value of '000001010000Z' or represents any time in the past. The "
+"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which "
+"denotes the UTC time zone. Other time zones are not currently supported and "
+"will result in \"access-denied\" when users attempt to log in. Please see "
+"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' "
+"must be set for this feature to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2022
+msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2026
+msgid ""
+"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
+"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
+"interested in being warned that password is about to expire and "
+"authentication is based on using a different method than passwords - for "
+"example SSH keys."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2036
+msgid ""
+"The difference between these options is the action taken if user password is "
+"expired: pwd_expire_policy_reject - user is denied to log in, "
+"pwd_expire_policy_warn - user is still able to log in, "
+"pwd_expire_policy_renew - user is prompted to change his password "
+"immediately."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2044
+msgid ""
+"Note If user password is expired no explicit message is prompted by SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2048
+msgid ""
+"Please note that 'access_provider = ldap' must be set for this feature to "
+"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2053
+msgid ""
+"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
+"to determine access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2058
+msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2062
+msgid "Default: filter"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2065
+msgid ""
+"Please note that it is a configuration error if a value is used more than "
+"once."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2072
+msgid "ldap_pwdlockout_dn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2075
+msgid ""
+"This option specifies the DN of password policy entry on LDAP server. Please "
+"note that absence of this option in sssd.conf in case of enabled account "
+"lockout checking will yield access denied as ppolicy attributes on LDAP "
+"server cannot be checked properly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2083
+msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2086
+msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2092
+msgid "ldap_deref (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2095
+msgid ""
+"Specifies how alias dereferencing is done when performing a search. The "
+"following options are allowed:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2100
+msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2104
+msgid ""
+"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
+"the base object, but not in locating the base object of the search."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2109
+msgid ""
+"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
+"the base object of the search."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2114
+msgid ""
+"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
+"in locating the base object of the search."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2119
+msgid ""
+"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
+"client libraries)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2127
+msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2130
+msgid ""
+"Allows to retain local users as members of an LDAP group for servers that "
+"use the RFC2307 schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2134
+msgid ""
+"In some environments where the RFC2307 schema is used, local users are made "
+"members of LDAP groups by adding their names to the memberUid attribute. "
+"The self-consistency of the domain is compromised when this is done, so SSSD "
+"would normally remove the \"missing\" users from the cached group "
+"memberships as soon as nsswitch tries to fetch information about the user "
+"via getpw*() or initgroups() calls."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2145
+msgid ""
+"This option falls back to checking if local users are referenced, and caches "
+"them so that later initgroups() calls will augment the local users with the "
+"additional LDAP groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
+msgid "wildcart_limit (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2160
+msgid ""
+"Specifies an upper limit on the number of entries that are downloaded during "
+"a wildcard lookup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2164
+msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2168
+msgid "Default: 1000 (often the size of one page)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:51
+msgid ""
+"All of the common configuration options that apply to SSSD domains also "
+"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for full details. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2178
+msgid "SUDO OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2180
+msgid ""
+"The detailed instructions for configuration of sudo_provider are in the "
+"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2191
+msgid "ldap_sudorule_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2194
+msgid "The object class of a sudo rule entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2197
+msgid "Default: sudoRole"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2203
+msgid "ldap_sudorule_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2206
+msgid "The LDAP attribute that corresponds to the sudo rule name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2216
+msgid "ldap_sudorule_command (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2219
+msgid "The LDAP attribute that corresponds to the command name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2223
+msgid "Default: sudoCommand"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2229
+msgid "ldap_sudorule_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2232
+msgid ""
+"The LDAP attribute that corresponds to the host name (or host IP address, "
+"host IP network, or host netgroup)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2237
+msgid "Default: sudoHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2243
+msgid "ldap_sudorule_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2246
+msgid ""
+"The LDAP attribute that corresponds to the user name (or UID, group name or "
+"user's netgroup)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2250
+msgid "Default: sudoUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2256
+msgid "ldap_sudorule_option (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2259
+msgid "The LDAP attribute that corresponds to the sudo options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2263
+msgid "Default: sudoOption"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2269
+msgid "ldap_sudorule_runasuser (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2272
+msgid ""
+"The LDAP attribute that corresponds to the user name that commands may be "
+"run as."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2276
+msgid "Default: sudoRunAsUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2282
+msgid "ldap_sudorule_runasgroup (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2285
+msgid ""
+"The LDAP attribute that corresponds to the group name or group GID that "
+"commands may be run as."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2289
+msgid "Default: sudoRunAsGroup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2295
+msgid "ldap_sudorule_notbefore (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2298
+msgid ""
+"The LDAP attribute that corresponds to the start date/time for when the sudo "
+"rule is valid."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2302
+msgid "Default: sudoNotBefore"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2308
+msgid "ldap_sudorule_notafter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2311
+msgid ""
+"The LDAP attribute that corresponds to the expiration date/time, after which "
+"the sudo rule will no longer be valid."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2316
+msgid "Default: sudoNotAfter"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2322
+msgid "ldap_sudorule_order (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2325
+msgid "The LDAP attribute that corresponds to the ordering index of the rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2329
+msgid "Default: sudoOrder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2335
+msgid "ldap_sudo_full_refresh_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2338
+msgid ""
+"How many seconds SSSD will wait between executing a full refresh of sudo "
+"rules (which downloads all rules that are stored on the server)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2343
+msgid ""
+"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
+"emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2348
+msgid "Default: 21600 (6 hours)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2354
+msgid "ldap_sudo_smart_refresh_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2357
+msgid ""
+"How many seconds SSSD has to wait before executing a smart refresh of sudo "
+"rules (which downloads all rules that have USN higher than the highest USN "
+"of cached rules)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2363
+msgid ""
+"If USN attributes are not supported by the server, the modifyTimestamp "
+"attribute is used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2373
+msgid "ldap_sudo_use_host_filter (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2376
+msgid ""
+"If true, SSSD will download only rules that are applicable to this machine "
+"(using the IPv4 or IPv6 host/network addresses and hostnames)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2387
+msgid "ldap_sudo_hostnames (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2390
+msgid ""
+"Space separated list of hostnames or fully qualified domain names that "
+"should be used to filter the rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2395
+msgid ""
+"If this option is empty, SSSD will try to discover the hostname and the "
+"fully qualified domain name automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
+msgid ""
+"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
+"emphasis> then this option has no effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
+msgid "Default: not specified"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2411
+msgid "ldap_sudo_ip (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2414
+msgid ""
+"Space separated list of IPv4 or IPv6 host/network addresses that should be "
+"used to filter the rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2419
+msgid ""
+"If this option is empty, SSSD will try to discover the addresses "
+"automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2434
+msgid "ldap_sudo_include_netgroups (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2437
+msgid ""
+"If true then SSSD will download every rule that contains a netgroup in "
+"sudoHost attribute."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2452
+msgid "ldap_sudo_include_regexp (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2455
+msgid ""
+"If true then SSSD will download every rule that contains a wildcard in "
+"sudoHost attribute."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2471
+msgid ""
+"This manual page only describes attribute name mapping. For detailed "
+"explanation of sudo related attribute semantics, see <citerefentry> "
+"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2481
+msgid "AUTOFS OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2483
+msgid ""
+"Some of the defaults for the parameters below are dependent on the LDAP "
+"schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2489
+msgid "ldap_autofs_map_master_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2492
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2495
+msgid "Default: auto.master"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2502
+msgid "ldap_autofs_map_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2505
+msgid "The object class of an automount map entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2508
+msgid "Default: automountMap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2515
+msgid "ldap_autofs_map_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2518
+msgid "The name of an automount map entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2521
+msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2529
+msgid "ldap_autofs_entry_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2532
+msgid ""
+"The object class of an automount entry in LDAP. The entry usually "
+"corresponds to a mount point."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2537
+msgid "Default: automount"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2544
+msgid "ldap_autofs_entry_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
+msgid ""
+"The key of an automount entry in LDAP. The entry usually corresponds to a "
+"mount point."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2551
+msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2559
+msgid "ldap_autofs_entry_value (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2566
+msgid "Default: automountInformation"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2487
+msgid ""
+"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
+"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
+"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2576
+msgid "ADVANCED OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2583
+msgid "ldap_netgroup_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2588
+msgid "ldap_user_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2593
+msgid "ldap_group_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
+#: sssd-ldap.5.xml:2598
+msgid "<note>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
+#: sssd-ldap.5.xml:2600
+msgid ""
+"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"against Active Directory will not be restricted and return all groups "
+"memberships, even with no gid mapping. It is recommended to disable this "
+"feature, if group names are not being displayed correctly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist>
+#: sssd-ldap.5.xml:2607
+msgid "</note>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2609
+msgid "ldap_sudo_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2614
+msgid "ldap_autofs_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2578
+msgid ""
+"These options are supported by LDAP domains, but they should be used with "
+"caution. Please include them in your configuration only if you know what you "
+"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
+"\"variablelist\" id=\"1\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2631
+msgid ""
+"The following example assumes that SSSD is correctly configured and LDAP is "
+"set to one of the domains in the <replaceable>[domains]</replaceable> "
+"section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ldap.5.xml:2637
+#, no-wrap
+msgid ""
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"auth_provider = ldap\n"
+"ldap_uri = ldap://ldap.mydomain.org\n"
+"ldap_search_base = dc=mydomain,dc=org\n"
+"ldap_tls_reqcert = demand\n"
+"cache_credentials = true\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
+msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2648
+msgid "LDAP ACCESS FILTER EXAMPLE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2650
+msgid ""
+"The following example assumes that SSSD is correctly configured and to use "
+"the ldap_access_order=lockout."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ldap.5.xml:2655
+#, no-wrap
+msgid ""
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"auth_provider = ldap\n"
+"access_provider = ldap\n"
+"ldap_access_order = lockout\n"
+"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n"
+"ldap_uri = ldap://ldap.mydomain.org\n"
+"ldap_search_base = dc=mydomain,dc=org\n"
+"ldap_tls_reqcert = demand\n"
+"cache_credentials = true\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
+msgid "NOTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2672
+msgid ""
+"The descriptions of some of the configuration options in this manual page "
+"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
+"distribution."
+msgstr ""
+
+#. type: Content of: <refentryinfo>
+#: pam_sss.8.xml:8 include/upstream.xml:2
+msgid ""
+"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
+"fedorahosted.org/sssd</orgname>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: pam_sss.8.xml:13 pam_sss.8.xml:18
+msgid "pam_sss"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: pam_sss.8.xml:19
+msgid "PAM module for SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: pam_sss.8.xml:24
+msgid ""
+"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:57
+msgid ""
+"<command>pam_sss.so</command> is the PAM interface to the System Security "
+"Services daemon (SSSD). Errors and results are logged through "
+"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:67
+msgid "<option>quiet</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:70
+msgid "Suppress log messages for unknown users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:75
+msgid "<option>forward_pass</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:78
+msgid ""
+"If <option>forward_pass</option> is set the entered password is put on the "
+"stack for other PAM modules to use."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:85
+msgid "<option>use_first_pass</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:88
+msgid ""
+"The argument use_first_pass forces the module to use a previous stacked "
+"modules password and will never prompt the user - if no password is "
+"available or the password is not appropriate, the user will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:96
+msgid "<option>use_authtok</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:99
+msgid ""
+"When password changing enforce the module to set the new password to the one "
+"provided by a previously stacked password module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:106
+msgid "<option>retry=N</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:109
+msgid ""
+"If specified the user is asked another N times for a password if "
+"authentication fails. Default is 0."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:111
+msgid ""
+"Please note that this option might not work as expected if the application "
+"calling PAM handles the user dialog on its own. A typical example is "
+"<command>sshd</command> with <option>PasswordAuthentication</option>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:120
+msgid "<option>ignore_unknown_user</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:123
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:130
+msgid "<option>ignore_authinfo_unavail</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:134
+msgid ""
+"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
+"the SSSD daemon. This causes the PAM framework to ignore this module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:141
+msgid "<option>domains</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:145
+msgid ""
+"Allows the administrator to restrict the domains a particular PAM service is "
+"allowed to authenticate against. The format is a comma-separated list of "
+"SSSD domain names, as specified in the sssd.conf file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:151
+msgid ""
+"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
+"and <quote>pam_public_domains</quote> options. Please see the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for more information on these two PAM "
+"responder options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:191
+msgid "MODULE TYPES PROVIDED"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:192
+msgid ""
+"All module types (<option>account</option>, <option>auth</option>, "
+"<option>password</option> and <option>session</option>) are provided."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:198
+msgid "FILES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:199
+msgid ""
+"If a password reset by root fails, because the corresponding SSSD provider "
+"does not support password resets, an individual message can be displayed. "
+"This message can e.g. contain instructions about how to reset a password."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:204
+msgid ""
+"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
+"filename> where LOC stands for a locale string returned by <citerefentry> "
+"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
+"citerefentry>. If there is no matching file the content of "
+"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
+"the owner of the files and only root may have read and write permissions "
+"while all other users must have only read permissions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:214
+msgid ""
+"These files are searched in the directory <filename>/etc/sssd/customize/"
+"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
+"displayed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
+msgid "sssd_krb5_locator_plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+msgid "Kerberos locator plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:22
+msgid ""
+"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
+"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
+"libraries what Realm and which KDC to use. Typically this is done in "
+"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
+"To simplify the configuration the Realm and the KDC can be defined in "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> as described in <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:48
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> puts the Realm and the name or IP address of the KDC into "
+"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
+"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
+"libraries it reads and evaluates these variables and returns them to the "
+"libraries."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:63
+msgid ""
+"Not all Kerberos implementations support the use of plugins. If "
+"<command>sssd_krb5_locator_plugin</command> is not available on your system "
+"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:69
+msgid ""
+"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
+"debug messages will be sent to stderr."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
+msgid "sssd-simple"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-simple.5.xml:17
+msgid "the configuration file for SSSD's 'simple' access-control provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:24
+msgid ""
+"This manual page describes the configuration of the simple access-control "
+"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
+"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:38
+msgid ""
+"The simple access provider grants or denies access based on an access or "
+"deny list of user or group names. The following rules apply:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:43
+msgid "If all lists are empty, access is granted"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:47
+msgid ""
+"If any list is provided, the order of evaluation is allow,deny. This means "
+"that any matching deny rule will supersede any matched allow rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:54
+msgid ""
+"If either or both \"allow\" lists are provided, all users are denied unless "
+"they appear in the list."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:60
+msgid ""
+"If only \"deny\" lists are provided, all users are granted access unless "
+"they appear in the list."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:78
+msgid "simple_allow_users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:81
+msgid "Comma separated list of users who are allowed to log in."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:88
+msgid "simple_deny_users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:91
+msgid "Comma separated list of users who are explicitly denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:97
+msgid "simple_allow_groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:100
+msgid ""
+"Comma separated list of groups that are allowed to log in. This applies only "
+"to groups within this SSSD domain. Local groups are not evaluated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:108
+msgid "simple_deny_groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:111
+msgid ""
+"Comma separated list of groups that are explicitly denied access. This "
+"applies only to groups within this SSSD domain. Local groups are not "
+"evaluated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
+msgid ""
+"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> manual page for details on the configuration of an SSSD "
+"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:120
+msgid ""
+"Specifying no values for any of the lists is equivalent to skipping it "
+"entirely. Beware of this while generating parameters for the simple provider "
+"using automated scripts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:125
+msgid ""
+"Please note that it is an configuration error if both, simple_allow_users "
+"and simple_deny_users, are defined."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:133
+msgid ""
+"The following example assumes that SSSD is correctly configured and example."
+"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
+"This examples shows only the simple access provider-specific options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-simple.5.xml:140
+#, no-wrap
+msgid ""
+"[domain/example.com]\n"
+"access_provider = simple\n"
+"simple_allow_users = user1, user2\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:150
+msgid ""
+"The complete group membership hierarchy is resolved before the access check, "
+"thus even nested groups can be included in the access lists. Please be "
+"aware that the <quote>ldap_group_nesting_level</quote> option may impact the "
+"results and should be set to a sufficient value. (<citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>) option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
+msgid "sssd-ipa"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:23
+msgid ""
+"This manual page describes the configuration of the IPA provider for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:36
+msgid ""
+"The IPA provider is a back end used to connect to an IPA server. (Refer to "
+"the freeipa.org web site for information about IPA servers.) This provider "
+"requires that the machine be joined to the IPA domain; configuration is "
+"almost entirely self-discovered and obtained directly from the server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:43
+msgid ""
+"The IPA provider accepts the same options used by the <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
+"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:62
+msgid ""
+"The IPA provider will use the PAC responder if the Kerberos tickets of users "
+"from trusted realms contain a PAC. To make configuration easier the PAC "
+"responder is started automatically if the IPA ID provider is configured."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:78
+msgid "ipa_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:81
+msgid ""
+"Specifies the name of the IPA domain. This is optional. If not provided, "
+"the configuration domain name is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:89
+msgid "ipa_server, ipa_backup_server (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:92
+msgid ""
+"The comma-separated list of IP addresses or hostnames of the IPA servers to "
+"which SSSD should connect in the order of preference. For more information "
+"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:105
+msgid "ipa_hostname (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:108
+msgid ""
+"Optional. May be set on machines where the hostname(5) does not reflect the "
+"fully qualified name used in the IPA domain to identify this host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
+msgid "dyndns_update (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:119
+msgid ""
+"Optional. This option tells SSSD to automatically update the DNS server "
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
+msgid ""
+"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
+"the default Kerberos realm must be set properly in /etc/krb5.conf"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:133
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_update</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
+msgid "dyndns_ttl (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
+msgid ""
+"The TTL to apply to the client DNS record when updating it. If "
+"dyndns_update is false this has no effect. This will override the TTL "
+"serverside if set by an administrator."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:153
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:159
+msgid "Default: 1200 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
+msgid "dyndns_iface (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
+msgid ""
+"Optional. Applicable only when dyndns_update is true. Choose the interface "
+"or a list of interfaces whose IP addresses should be used for dynamic DNS "
+"updates. Special value <quote>*</quote> implies that IPs from all interfaces "
+"should be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:175
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:181
+msgid ""
+"Default: Use the IP addresses of the interface which is used for IPA LDAP "
+"connection"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
+msgid "Example: dyndns_iface = em1, vnet1, vnet2"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:191
+msgid "ipa_enable_dns_sites (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
+msgid "Enables DNS sites - location based service discovery."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:198
+msgid ""
+"If true and service discovery (see Service Discovery paragraph at the bottom "
+"of the man page) is enabled, then the SSSD will first attempt location "
+"based discovery using a query that contains \"_location.hostname.example.com"
+"\" and then fall back to traditional SRV discovery. If the location based "
+"discovery succeeds, the IPA servers located with the location based "
+"discovery are treated as primary servers and the IPA servers located using "
+"the traditional SRV discovery are used as back up servers"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
+msgid "dyndns_refresh_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
+msgid ""
+"How often should the back end perform periodic DNS update in addition to the "
+"automatic update performed when the back end goes online. This option is "
+"optional and applicable only when dyndns_update is true."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
+msgid "dyndns_update_ptr (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
+msgid ""
+"Whether the PTR record should also be explicitly updated when updating the "
+"client's DNS records. Applicable only when dyndns_update is true."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:241
+msgid ""
+"This option should be False in most IPA deployments as the IPA server "
+"generates the PTR records automatically when forward records are changed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:247
+msgid "Default: False (disabled)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
+msgid "dyndns_force_tcp (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
+msgid ""
+"Whether the nsupdate utility should default to using TCP for communicating "
+"with the DNS server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
+msgid "Default: False (let nsupdate choose the protocol)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
+msgid "dyndns_server (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
+msgid ""
+"The DNS server to use when performing a DNS update. In most setups, it's "
+"recommended to leave this option unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
+msgid ""
+"Setting this option makes sense for environments where the DNS server is "
+"different from the identity server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
+msgid ""
+"Please note that this option will be only used in fallback attempt when "
+"previous attempt using autodetected settings failed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
+msgid "Default: None (let nsupdate choose the server)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:290
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:293
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:297
+msgid "Default: Use base DN"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_host_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "Optional. Use the given string as search base for host objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367
+#: sssd-ipa.5.xml:386
+msgid ""
+"See <quote>ldap_search_base</quote> for information about configuring "
+"multiple search bases."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27
+msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:322
+msgid "ipa_selinux_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:325
+msgid "Optional. Use the given string as search base for SELinux user maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:341
+msgid "ipa_subdomains_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:344
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:353
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:360
+msgid "ipa_master_domain_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:363
+msgid "Optional. Use the given string as search base for master domain object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:372
+msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:379
+msgid "ipa_views_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:382
+msgid "Optional. Use the given string as search base for views containers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:391
+msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254
+msgid "krb5_validate (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:401
+msgid ""
+"Verify with the help of krb5_keytab that the TGT obtained has not been "
+"spoofed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
+msgid ""
+"Note that this default differs from the traditional Kerberos provider back "
+"end."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:418
+msgid ""
+"The name of the Kerberos realm. This is optional and defaults to the value "
+"of <quote>ipa_domain</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422
+msgid ""
+"The name of the Kerberos realm has a special meaning in IPA - it is "
+"converted into the base DN to use for performing LDAP operations."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:433
+msgid ""
+"Specifies if the host and user principal should be canonicalized when "
+"connecting to IPA LDAP and also for AS requests. This feature is available "
+"with MIT Kerberos >= 1.7"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:454
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:457
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:468
+msgid "Default: try"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
+msgid "krb5_confd_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
+msgid ""
+"Absolute path of a directory where SSSD should place Kerberos configuration "
+"snippets."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
+msgid ""
+"To disable the creation of the configuration snippets set the parameter to "
+"'none'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
+msgid ""
+"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:498
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:501
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:514
+msgid "ipa_hbac_selinux (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:517
+msgid ""
+"The amount of time between lookups of the SELinux maps against the IPA "
+"server. This will reduce the latency and load on the IPA server if there are "
+"many user login requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:530
+msgid "ipa_server_mode (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:533
+msgid "This option should only be set by the IPA installer."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:537
+msgid ""
+"The option denotes that the SSSD is running on IPA server and should perform "
+"lookups of users and groups from trusted domains differently."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:548
+msgid "ipa_automount_location (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:551
+msgid "The automounter location this IPA client will be using"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:554
+msgid "Default: The location named \"default\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-ipa.5.xml:562
+msgid "VIEWS AND OVERRIDES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:571
+msgid "ipa_view_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:574
+msgid "Objectclass of the view container."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:577
+msgid "Default: nsContainer"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:583
+msgid "ipa_view_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:586
+msgid "Name of the attribute holding the name of the view."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:596
+msgid "ipa_overide_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:599
+msgid "Objectclass of the override objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:602
+msgid "Default: ipaOverrideAnchor"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:608
+msgid "ipa_anchor_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:611
+msgid ""
+"Name of the attribute containing the reference to the original object in a "
+"remote domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:615
+msgid "Default: ipaAnchorUUID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:621
+msgid "ipa_user_override_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:624
+msgid ""
+"Name of the objectclass for user overrides. It is used to determine if the "
+"found override object is related to a user or a group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:629
+msgid "User overrides can contain attributes given by"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:632
+msgid "ldap_user_name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:635
+msgid "ldap_user_uid_number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:638
+msgid "ldap_user_gid_number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:641
+msgid "ldap_user_gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:644
+msgid "ldap_user_home_directory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:647
+msgid "ldap_user_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:650
+msgid "ldap_user_ssh_public_key"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:655
+msgid "Default: ipaUserOverride"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:661
+msgid "ipa_group_override_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:664
+msgid ""
+"Name of the objectclass for group overrides. It is used to determine if the "
+"found override object is related to a user or a group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:669
+msgid "Group overrides can contain attributes given by"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:672
+msgid "ldap_group_name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:675
+msgid "ldap_group_gid_number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:680
+msgid "Default: ipaGroupOverride"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-ipa.5.xml:564
+msgid ""
+"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
+"later version. Since all paths and objectclasses are fixed on the server "
+"side there is basically no need to configure anything. For completeness the "
+"related options are listed here with their default values. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ipa.5.xml:690
+msgid "SUBDOMAINS PROVIDER"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:692
+msgid ""
+"The IPA subdomains provider behaves slightly differently if it is configured "
+"explicitly or implicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:696
+msgid ""
+"If the option 'subdomains_provider = ipa' is found in the domain section of "
+"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
+"subdomain requests are sent to the IPA server if necessary."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:702
+msgid ""
+"If the option 'subdomains_provider' is not set in the domain section of sssd."
+"conf but there is the option 'id_provider = ipa', the IPA subdomains "
+"provider is configured implicitly. In this case, if a subdomain request "
+"fails and indicates that the server does not support subdomains, i.e. is not "
+"configured for trusts, the IPA subdomains provider is disabled. After an "
+"hour or after the IPA provider goes online, the subdomains provider is "
+"enabled again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:719
+msgid ""
+"The following example assumes that SSSD is correctly configured and example."
+"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
+"This examples shows only the ipa provider-specific options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ipa.5.xml:726
+#, no-wrap
+msgid ""
+"[domain/example.com]\n"
+"id_provider = ipa\n"
+"ipa_server = ipaserver.example.com\n"
+"ipa_hostname = myhost.example.com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ad.5.xml:10 sssd-ad.5.xml:16
+msgid "sssd-ad"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:23
+msgid ""
+"This manual page describes the configuration of the AD provider for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:36
+msgid ""
+"The AD provider is a back end used to connect to an Active Directory server. "
+"This provider requires that the machine be joined to the AD domain and a "
+"keytab is available."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:41
+msgid ""
+"The AD provider supports connecting to Active Directory 2008 R2 or later. "
+"Earlier versions may work, but are unsupported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:45
+msgid ""
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:51
+msgid ""
+"The AD provider accepts the same options used by the <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
+"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:63
+msgid ""
+"However, it is neither necessary nor recommended to set these options. The "
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ad.5.xml:75
+#, no-wrap
+msgid ""
+"ldap_id_mapping = False\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:69
+msgid ""
+"By default, the AD provider will map UID and GID values from the objectSID "
+"parameter in Active Directory. For details on this, see the <quote>ID "
+"MAPPING</quote> section below. If you want to disable ID mapping and instead "
+"rely on POSIX attributes defined in Active Directory, you should set "
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:82
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:97
+msgid "ad_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:100
+msgid ""
+"Specifies the name of the Active Directory domain. This is optional. If not "
+"provided, the configuration domain name is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:105
+msgid ""
+"For proper operation, this option should be specified as the lower-case "
+"version of the long version of the Active Directory domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:110
+msgid ""
+"The short domain name (also known as the NetBIOS or the flat name) is "
+"autodetected by the SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:117
+msgid "ad_server, ad_backup_server (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:120
+msgid ""
+"The comma-separated list of hostnames of the AD servers to which SSSD should "
+"connect in order of preference. For more information on failover and server "
+"redundancy, see the <quote>FAILOVER</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
+msgid "ad_hostname (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:143
+msgid ""
+"Optional. May be set on machines where the hostname(5) does not reflect the "
+"fully qualified name used in the Active Directory domain to identify this "
+"host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:149
+msgid ""
+"This field is used to determine the host principal in use in the keytab. It "
+"must match the hostname for which the keytab was issued."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:157
+msgid "ad_enable_dns_sites (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:164
+msgid ""
+"If true and service discovery (see Service Discovery paragraph at the bottom "
+"of the man page) is enabled, the SSSD will first attempt to discover the "
+"Active Directory server to connect to using the Active Directory Site "
+"Discovery and fall back to the DNS SRV records if no AD site is found. The "
+"DNS SRV configuration, including the discovery domain, is used during site "
+"discovery as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:180
+msgid "ad_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:207
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:212
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:223
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
+msgid "Default: Not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:239
+msgid "ad_site (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:253
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:256
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:264
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:278
+msgid "ad_gpo_access_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:281
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:290
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:296
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:309
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:313
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:319
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:325
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:336
+msgid "Default: permissive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:339
+msgid "Default: enforcing"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:345
+msgid "ad_gpo_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:348
+msgid ""
+"The amount of time between lookups of GPO policy files against the AD "
+"server. This will reduce the latency and load on the AD server if there are "
+"many access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:361
+msgid "ad_gpo_map_interactive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:364
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the InteractiveLogonRight and "
+"DenyInteractiveLogonRight policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:370
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on locally\" and \"Deny log on locally\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:384
+#, no-wrap
+msgid ""
+"ad_gpo_map_interactive = +my_pam_service, -login\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:375
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>login</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
+msgid "Default: the default set of PAM service names includes:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:392
+msgid "login"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:397
+msgid "su"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:402
+msgid "su-l"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:407
+msgid "gdm-fingerprint"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:412
+msgid "gdm-password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:417
+msgid "gdm-smartcard"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:422
+msgid "kdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:456
+msgid "ad_gpo_map_remote_interactive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:459
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the RemoteInteractiveLogonRight and "
+"DenyRemoteInteractiveLogonRight policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:465
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on through Remote Desktop Services\" and \"Deny log on through Remote "
+"Desktop Services\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:480
+#, no-wrap
+msgid ""
+"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:471
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>sshd</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:488
+msgid "sshd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:502
+msgid "ad_gpo_map_network (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:505
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the NetworkLogonRight and "
+"DenyNetworkLogonRight policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:511
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Access "
+"this computer from the network\" and \"Deny access to this computer from the "
+"network\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:526
+#, no-wrap
+msgid ""
+"ad_gpo_map_network = +my_pam_service, -ftp\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:517
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>ftp</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:534
+msgid "ftp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:539
+msgid "samba"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:548
+msgid "ad_gpo_map_batch (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:551
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
+"policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:557
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on as a batch job\" and \"Deny log on as a batch job\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:571
+#, no-wrap
+msgid ""
+"ad_gpo_map_batch = +my_pam_service, -crond\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:562
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>crond</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:579
+msgid "crond"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:588
+msgid "ad_gpo_map_service (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:591
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the ServiceLogonRight and "
+"DenyServiceLogonRight policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:597
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on as a service\" and \"Deny log on as a service\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:610
+#, no-wrap
+msgid ""
+"ad_gpo_map_service = +my_pam_service\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
+msgid ""
+"It is possible to add a PAM service name to the default set by using <quote>"
+"+service_name</quote>. Since the default set is empty, it is not possible "
+"to remove a PAM service name from the default set. For example, in order to "
+"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you "
+"would use the following configuration: <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:620
+msgid "ad_gpo_map_permit (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:623
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access is "
+"always granted, regardless of any GPO Logon Rights."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:637
+#, no-wrap
+msgid ""
+"ad_gpo_map_permit = +my_pam_service, -sudo\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:628
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for unconditionally permitted "
+"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
+msgid "sudo"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:655
+msgid "sudo-i"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:660
+msgid "systemd-user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:669
+msgid "ad_gpo_map_deny (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:672
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access is "
+"always denied, regardless of any GPO Logon Rights."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:685
+#, no-wrap
+msgid ""
+"ad_gpo_map_deny = +my_pam_service\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:695
+msgid "ad_gpo_default_right (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:698
+msgid ""
+"This option defines how access control is evaluated for PAM service names "
+"that are not explicitly listed in one of the ad_gpo_map_* options. This "
+"option can be set in two different manners. First, this option can be set to "
+"use a default logon right. For example, if this option is set to "
+"'interactive', it means that unmapped PAM service names will be processed "
+"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy "
+"settings. Alternatively, this option can be set to either always permit or "
+"always deny access for unmapped PAM service names."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:711
+msgid "Supported values for this option include:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:715
+msgid "interactive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:720
+msgid "remote_interactive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:725
+msgid "network"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:730
+msgid "batch"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:735
+msgid "service"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:740
+msgid "permit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:745
+msgid "deny"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:751
+msgid "Default: deny"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+msgid "Default: 30 days"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
+msgid ""
+"Optional. This option tells SSSD to automatically update the Active "
+"Directory DNS server with the IP address of this client. The update is "
+"secured using GSS-TSIG. As a consequence, the Active Directory administrator "
+"only needs to allow secure updates for the DNS zone. The IP address of the "
+"AD LDAP connection is used for the updates, if it is not otherwise specified "
+"by using the <quote>dyndns_iface</quote> option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:823
+msgid "Default: 3600 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:839
+msgid ""
+"Default: Use the IP addresses of the interface which is used for AD LDAP "
+"connection"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
+msgid "Default: True"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
+msgid "krb5_use_enterprise_principal (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
+msgid ""
+"Specifies if the user principal should be treated as enterprise principal. "
+"See section 5 of RFC 6806 for more details about enterprise principals."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:967
+msgid ""
+"The following example assumes that SSSD is correctly configured and example."
+"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
+"This example shows only the AD provider-specific options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ad.5.xml:974
+#, no-wrap
+msgid ""
+"[domain/EXAMPLE]\n"
+"id_provider = ad\n"
+"auth_provider = ad\n"
+"access_provider = ad\n"
+"chpass_provider = ad\n"
+"\n"
+"ad_server = dc1.example.com\n"
+"ad_hostname = client.example.com\n"
+"ad_domain = example.com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ad.5.xml:994
+#, no-wrap
+msgid ""
+"access_provider = ldap\n"
+"ldap_access_order = expire\n"
+"ldap_account_expire_policy = ad\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:990
+msgid ""
+"The AD access control provider checks if the account is expired. It has the "
+"same effect as the following configuration of the LDAP provider: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1000
+msgid ""
+"However, unless the <quote>ad</quote> access control provider is explicitly "
+"configured, the default access provider is <quote>permit</quote>. Please "
+"note that if you configure an access provider other than <quote>ad</quote>, "
+"you need to set all the connection parameters (such as LDAP URIs and "
+"encryption details) manually."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+msgid "sssd-sudo"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-sudo.5.xml:17
+msgid "Configuring sudo with the SSSD back end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-sudo.5.xml:36
+msgid "Configuring sudo to cooperate with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:38
+msgid ""
+"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to "
+"the <emphasis>sudoers</emphasis> entry in <citerefentry> "
+"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:47
+msgid ""
+"For example, to configure sudo to first lookup rules in the standard "
+"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> file (which should contain rules that apply to "
+"local users) and then in SSSD, the nsswitch.conf file should contain the "
+"following line:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-sudo.5.xml:57
+#, no-wrap
+msgid "sudoers: files sss\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:61
+msgid ""
+"More information about configuring the sudoers search order from the "
+"nsswitch.conf file as well as information about the LDAP schema that is used "
+"to store sudo rules in the directory can be found in <citerefentry> "
+"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-sudo.5.xml:82
+msgid "Configuring SSSD to fetch sudo rules"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
+msgid ""
+"The following example shows how to configure SSSD to download sudo rules "
+"from an LDAP server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-sudo.5.xml:99
+#, no-wrap
+msgid ""
+"[sssd]\n"
+"config_file_version = 2\n"
+"services = nss, pam, sudo\n"
+"domains = EXAMPLE\n"
+"\n"
+"[domain/EXAMPLE]\n"
+"id_provider = ldap\n"
+"sudo_provider = ldap\n"
+"ldap_uri = ldap://example.com\n"
+"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:112
+msgid ""
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-sudo.5.xml:119
+msgid "The SUDO rule caching mechanism"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:121
+msgid ""
+"The biggest challenge, when developing sudo support in SSSD, was to ensure "
+"that running sudo with SSSD as the data source provides the same user "
+"experience and is as fast as sudo but keeps providing the most current set "
+"of rules as possible. To satisfy these requirements, SSSD uses three kinds "
+"of updates. They are referred to as full refresh, smart refresh and rules "
+"refresh."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:129
+msgid ""
+"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
+"new or were modified after the last update. Its primary goal is to keep the "
+"database growing by fetching only small increments that do not generate "
+"large amounts of network traffic."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:135
+msgid ""
+"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
+"in the cache and replaces them with all rules that are stored on the server. "
+"This is used to keep the cache consistent by removing every rule which was "
+"deleted from the server. However, full refresh may produce a lot of traffic "
+"and thus it should be run only occasionally depending on the size and "
+"stability of the sudo rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:143
+msgid ""
+"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
+"more permission than defined. It is triggered each time the user runs sudo. "
+"Rules refresh will find all rules that apply to this user, check their "
+"expiration time and redownload them if expired. In the case that any of "
+"these rules are missing on the server, the SSSD will do an out of band full "
+"refresh because more rules (that apply to other users) may have been deleted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:152
+msgid ""
+"If enabled, SSSD will store only rules that can be applied to this machine. "
+"This means rules that contain one of the following values in "
+"<emphasis>sudoHost</emphasis> attribute:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:159
+msgid "keyword ALL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:164
+msgid "wildcard"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:169
+msgid "netgroup (in the form \"+netgroup\")"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:174
+msgid "hostname or fully qualified domain name of this machine"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:179
+msgid "one of the IP addresses of this machine"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:184
+msgid "one of the IP addresses of the network (in the form \"address/mask\")"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:190
+msgid ""
+"There are many configuration options that can be used to adjust the "
+"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.8.xml:10 sssd.8.xml:15
+msgid "sssd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.8.xml:16
+msgid "System Security Services Daemon"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sssd.8.xml:21
+msgid ""
+"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:31
+msgid ""
+"<command>SSSD</command> provides a set of daemons to manage access to remote "
+"directories and authentication mechanisms. It provides an NSS and PAM "
+"interface toward the system and a pluggable backend system to connect to "
+"multiple different account sources as well as D-Bus interface. It is also "
+"the basis to provide client auditing and policy services for projects like "
+"FreeIPA. It provides a more robust database to store local users as well as "
+"extended user data."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:46
+msgid ""
+"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:53
+msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:57
+msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:60
+msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:69
+msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:73
+msgid ""
+"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:76
+msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:85
+msgid "<option>-f</option>,<option>--debug-to-files</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:89
+msgid ""
+"Send the debug output to files instead of stderr. By default, the log files "
+"are stored in <filename>/var/log/sssd</filename> and there are separate log "
+"files for every SSSD service and domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:97
+msgid "<option>-D</option>,<option>--daemon</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:101
+msgid "Become a daemon after starting up."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:107 sss_seed.8.xml:136
+msgid "<option>-i</option>,<option>--interactive</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:111
+msgid "Run in the foreground, don't become a daemon."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+msgid "<option>-c</option>,<option>--config</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+msgid ""
+"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
+"conf</filename>. For reference on the config file syntax and options, "
+"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.8.xml:147
+msgid "Signals"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:150
+msgid "SIGTERM/SIGINT"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:153
+msgid ""
+"Informs the SSSD to gracefully terminate all of its child processes and then "
+"shut down the monitor."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:159
+msgid "SIGHUP"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:162
+msgid ""
+"Tells the SSSD to stop writing to its current debug file descriptors and to "
+"close and reopen them. This is meant to facilitate log rolling with programs "
+"like logrotate."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:170
+msgid "SIGUSR1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:173
+msgid ""
+"Tells the SSSD to simulate offline operation for the duration of the "
+"<quote>offline_timeout</quote> parameter. This is useful for testing. The "
+"signal can be sent to either the sssd process or any sssd_be process "
+"directly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:182
+msgid "SIGUSR2"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:185
+msgid ""
+"Tells the SSSD to go online immediately. This is useful for testing. The "
+"signal can be sent to either the sssd process or any sssd_be process "
+"directly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:197
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
+msgid "sss_obfuscate"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_obfuscate.8.xml:16
+msgid "obfuscate a clear text password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_obfuscate.8.xml:21
+msgid ""
+"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
+"replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:32
+msgid ""
+"<command>sss_obfuscate</command> converts a given password into human-"
+"unreadable format and places it into appropriate domain section of the SSSD "
+"config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:37
+msgid ""
+"The cleartext password is read from standard input or entered "
+"interactively. The obfuscated password is put into "
+"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
+"<quote>ldap_default_authtok_type</quote> parameter is set to "
+"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more details on these parameters."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:49
+msgid ""
+"Please note that obfuscating the password provides <emphasis>no real "
+"security benefit</emphasis> as it is still possible for an attacker to "
+"reverse-engineer the password back. Using better authentication mechanisms "
+"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
+"advised."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:63
+msgid "<option>-s</option>,<option>--stdin</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:67
+msgid "The password to obfuscate will be read from standard input."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_ssh_knownhostsproxy.1.xml:78
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:79
+msgid ""
+"The SSSD domain to use the password in. The default name is <quote>default</"
+"quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:86
+msgid ""
+"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:91
+msgid "Read the config file specified by the positional parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:95
+msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_override.8.xml:10 sss_override.8.xml:15
+msgid "sss_override"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_override.8.xml:16
+msgid "create local overrides of user and group attributes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_override.8.xml:21
+msgid ""
+"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
+"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:32
+msgid ""
+"<command>sss_override</command> enables to create a client-side view and "
+"allows to change selected values of specific user and groups. This change "
+"takes effect only on local machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:37
+msgid ""
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_override.8.xml:50
+msgid "AVAILABLE COMMANDS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:52
+msgid ""
+"Argument <emphasis>NAME</emphasis> is the name of original object in all "
+"commands. It is not possible to override <emphasis>uid</emphasis> or "
+"<emphasis>gid</emphasis> to 0."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:59
+msgid ""
+"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
+"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
+"optional> <optional><option>-g,--gid</option> GID</optional> "
+"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
+"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:80
+msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
+msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:123
+msgid ""
+"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
+"similar to standard passwd file. The format is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:131
+msgid ""
+"where original_name is original name of the user whose attributes should be "
+"overridden. The rest of fields correspond to new values. You can omit a "
+"value simply by leaving corresponding field empty."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:140
+msgid "ckent:superman::::::"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:149
+msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:154
+msgid ""
+"Export all overridden attributes and store them in <emphasis>FILE</"
+"emphasis>. See <emphasis>user-import</emphasis> for data format."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:162
+msgid ""
+"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
+"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:177
+msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:215
+msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:220
+msgid ""
+"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
+"similar to standard group file. The format is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:225
+msgid "original_name:name:gid"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:228
+msgid ""
+"where original_name is original name of the group whose attributes should be "
+"overridden. The rest of fields correspond to new values. You can omit a "
+"value simply by leaving corresponding field empty."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:237
+msgid "admins:administrators:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:240
+msgid "Domain Users:Users:501"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:246
+msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:251
+msgid ""
+"Export all overridden attributes and store them in <emphasis>FILE</"
+"emphasis>. See <emphasis>group-import</emphasis> for data format."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_override.8.xml:261
+#, fuzzy
+#| msgid "OPTIONS"
+msgid "COMMON OPTIONS"
+msgstr "OPÇÕES"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:263
+msgid "Those options are available with all commands."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:268
+msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
+msgid "sss_useradd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_useradd.8.xml:16
+msgid "create a new user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_useradd.8.xml:21
+msgid ""
+"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_useradd.8.xml:32
+msgid ""
+"<command>sss_useradd</command> creates a new user account using the values "
+"specified on the command line plus the default values from the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:43 sss_seed.8.xml:76
+msgid ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:48
+msgid ""
+"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
+"not given, it is chosen automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100
+msgid ""
+"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105
+msgid ""
+"Any text string describing the user. Often used as the field for the user's "
+"full name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112
+msgid ""
+"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:72
+msgid ""
+"The home directory of the user account. The default is to append the "
+"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
+"that as the home directory. The base that is prepended before "
+"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
+"baseDirectory</quote> setting in sssd.conf."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124
+msgid ""
+"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:87
+msgid ""
+"The user's login shell. The default is currently <filename>/bin/bash</"
+"filename>. The default can be changed with <quote>user_defaults/"
+"defaultShell</quote> setting in sssd.conf."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:96
+msgid ""
+"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:101
+msgid "A list of existing groups this user is also a member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:107
+msgid "<option>-m</option>,<option>--create-home</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:111
+msgid ""
+"Create the user's home directory if it does not exist. The files and "
+"directories contained in the skeleton directory (which can be defined with "
+"the -k option or in the config file) will be copied to the home directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:121
+msgid "<option>-M</option>,<option>--no-create-home</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:125
+msgid ""
+"Do not create the user's home directory. Overrides configuration settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:132
+msgid ""
+"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:137
+msgid ""
+"The skeleton directory, which contains files and directories to be copied in "
+"the user's home directory, when the home directory is created by "
+"<command>sss_useradd</command>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:143
+msgid ""
+"Special files (block devices, character devices, named pipes and unix "
+"sockets) will not be copied."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:147
+msgid ""
+"This option is only valid if the <option>-m</option> (or <option>--create-"
+"home</option>) option is specified, or creation of home directories is set "
+"to TRUE in the configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:156 sss_usermod.8.xml:124
+msgid ""
+"<option>-Z</option>,<option>--selinux-user</option> "
+"<replaceable>SELINUX_USER</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:161
+msgid ""
+"The SELinux user for the user's login. If not specified, the system default "
+"will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
+msgid "sssd-krb5"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:23
+msgid ""
+"This manual page describes the configuration of the Kerberos 5 "
+"authentication backend for <citerefentry> <refentrytitle>sssd</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed "
+"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
+"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:36
+msgid ""
+"The Kerberos 5 authentication backend contains auth and chpass providers. It "
+"must be paired with an identity provider in order to function properly (for "
+"example, id_provider = ldap). Some information required by the Kerberos 5 "
+"authentication backend must be provided by the identity provider, such as "
+"the user's Kerberos Principal Name (UPN). The configuration of the identity "
+"provider should have an entry to specify the UPN. Please refer to the man "
+"page for the applicable identity provider for details on how to configure "
+"this."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:47
+msgid ""
+"This backend also provides access control based on the .k5login file in the "
+"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
+"Please note that an empty .k5login file will deny all access to this user. "
+"To activate this feature, use 'access_provider = krb5' in your SSSD "
+"configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:55
+msgid ""
+"In the case where the UPN is not available in the identity backend, "
+"<command>sssd</command> will construct a UPN using the format "
+"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:77
+msgid ""
+"Specifies the comma-separated list of IP addresses or hostnames of the "
+"Kerberos servers to which SSSD should connect, in the order of preference. "
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
+"colon) may be appended to the addresses or hostnames. If empty, service "
+"discovery is enabled; for more information, refer to the <quote>SERVICE "
+"DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:106
+msgid ""
+"The name of the Kerberos realm. This option is required and must be "
+"specified."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:113
+msgid "krb5_kpasswd, krb5_backup_kpasswd (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:116
+msgid ""
+"If the change password service is not running on the KDC, alternative "
+"servers can be defined here. An optional port number (preceded by a colon) "
+"may be appended to the addresses or hostnames."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:122
+msgid ""
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd "
+"servers to try, the backend is not switched to operate offline if "
+"authentication against the KDC is still possible."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:129
+msgid "Default: Use the KDC"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:135
+msgid "krb5_ccachedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:138
+msgid ""
+"Directory to store credential caches. All the substitution sequences of "
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:145
+msgid "Default: /tmp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:151
+msgid "krb5_ccname_template (string)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:170
+msgid "login UID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:173
+msgid "%p"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:174
+msgid "principal name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:178
+msgid "%r"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:179
+msgid "realm name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:182
+msgid "%h"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
+msgid "home directory"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:193 include/override_homedir.xml:27
+msgid "%P"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:194
+msgid "the process ID of the SSSD client"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:45
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:46
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:154
+msgid ""
+"Location of the user's credential cache. Three credential cache types are "
+"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
+"<quote>KEYRING:persistent</quote>. The cache can be specified either as "
+"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which "
+"implies the <quote>FILE</quote> type. In the template, the following "
+"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If "
+"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique "
+"filename in a safe way."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:208
+msgid ""
+"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
+"persistent:%U</quote>, which uses the Linux kernel keyring to store "
+"credentials on a per-UID basis. This is also the recommended choice, as it "
+"is the most secure and predictable method."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:216
+msgid ""
+"The default value for the credential cache name is sourced from the profile "
+"stored in the system wide krb5.conf configuration file in the [libdefaults] "
+"section. The option name is default_ccache_name. See krb5.conf(5)'s "
+"PARAMETER EXPANSION paragraph for additional information on the expansion "
+"format defined by krb5.conf."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:225
+msgid ""
+"NOTE: Please be aware that libkrb5 ccache expansion template from "
+"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> uses different expansion sequences than SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:234
+msgid "Default: (from libkrb5)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:240
+msgid "krb5_auth_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:243
+msgid ""
+"Timeout in seconds after an online authentication request or change password "
+"request is aborted. If possible, the authentication request is continued "
+"offline."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:257
+msgid ""
+"Verify with the help of krb5_keytab that the TGT obtained has not been "
+"spoofed. The keytab is checked for entries sequentially, and the first entry "
+"with a matching realm is used for validation. If no entry matches the realm, "
+"the last entry in the keytab is used. This process can be used to validate "
+"environments using cross-realm trust by placing the appropriate keytab entry "
+"as the last entry or the only entry in the keytab file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:272
+msgid "krb5_keytab (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:275
+msgid ""
+"The location of the keytab to use when validating credentials obtained from "
+"KDCs."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:279
+msgid "Default: /etc/krb5.keytab"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:285
+msgid "krb5_store_password_if_offline (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:288
+msgid ""
+"Store the password of the user if the provider is offline and use it to "
+"request a TGT when the provider comes online again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:293
+msgid ""
+"NOTE: this feature is only available on Linux. Passwords stored in this way "
+"are kept in plaintext in the kernel keyring and are potentially accessible "
+"by the root user (with difficulty)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:306
+msgid "krb5_renewable_lifetime (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:309
+msgid ""
+"Request a renewable ticket with a total lifetime, given as an integer "
+"immediately followed by a time unit:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
+msgid "<emphasis>s</emphasis> for seconds"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388
+msgid "<emphasis>m</emphasis> for minutes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391
+msgid "<emphasis>h</emphasis> for hours"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394
+msgid "<emphasis>d</emphasis> for days."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397
+msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401
+msgid ""
+"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
+"and a half hours, use '90m' instead of '1h30m'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:335
+msgid "Default: not set, i.e. the TGT is not renewable"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:341
+msgid "krb5_lifetime (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:344
+msgid ""
+"Request ticket with a lifetime, given as an integer immediately followed by "
+"a time unit:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:360
+msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:364
+msgid ""
+"NOTE: It is not possible to mix units. To set the lifetime to one and a "
+"half hours please use '90m' instead of '1h30m'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:369
+msgid ""
+"Default: not set, i.e. the default ticket lifetime configured on the KDC."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:376
+msgid "krb5_renew_interval (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:379
+msgid ""
+"The time in seconds between two checks if the TGT should be renewed. TGTs "
+"are renewed if about half of their lifetime is exceeded, given as an integer "
+"immediately followed by a time unit:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:406
+msgid "If this option is not set or is 0 the automatic renewal is disabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
+"option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:428
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:438
+msgid "Default: not set, i.e. FAST is not used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:441
+msgid "NOTE: a keytab is required to use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:453
+msgid "krb5_fast_principal (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:456
+msgid "Specifies the server principal to use for FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:465
+msgid ""
+"Specifies if the host and user principal should be canonicalized. This "
+"feature is available with MIT Kerberos 1.7 and later versions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:514
+msgid "Default: false (AD provider: true)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:520
+msgid "krb5_map_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:523
+msgid ""
+"The list of mappings is given as a comma-separated list of pairs "
+"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user "
+"name and <quote>primary</quote> is a user part of a kerberos principal. This "
+"mapping is used when user is authenticating using <quote>auth_provider = "
+"krb5</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-krb5.5.xml:535
+#, no-wrap
+msgid ""
+"krb5_realm = REALM\n"
+"krb5_map_user = joe:juser,dick:richard\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:540
+msgid ""
+"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and "
+"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos "
+"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will "
+"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</"
+"quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:65
+msgid ""
+"If the auth-module krb5 is used in an SSSD domain, the following options "
+"must be used. See the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section "
+"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD "
+"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:566
+msgid ""
+"The following example assumes that SSSD is correctly configured and FOO is "
+"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
+"example shows only configuration of Kerberos authentication; it does not "
+"include any identity provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-krb5.5.xml:574
+#, no-wrap
+msgid ""
+"[domain/FOO]\n"
+"auth_provider = krb5\n"
+"krb5_server = 192.168.1.1\n"
+"krb5_realm = EXAMPLE.COM\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
+msgid "sss_groupadd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupadd.8.xml:16
+msgid "create a new group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupadd.8.xml:21
+msgid ""
+"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupadd.8.xml:32
+msgid ""
+"<command>sss_groupadd</command> creates a new group. These groups are "
+"compatible with POSIX groups, with the additional feature that they can "
+"contain other groups as members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupadd.8.xml:43 sss_seed.8.xml:88
+msgid ""
+"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupadd.8.xml:48
+msgid ""
+"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
+"not given, it is chosen automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
+msgid "sss_userdel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_userdel.8.xml:16
+msgid "delete a user account"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_userdel.8.xml:21
+msgid ""
+"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_userdel.8.xml:32
+msgid ""
+"<command>sss_userdel</command> deletes a user identified by login name "
+"<replaceable>LOGIN</replaceable> from the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:44
+msgid "<option>-r</option>,<option>--remove</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:48
+msgid ""
+"Files in the user's home directory will be removed along with the home "
+"directory itself and the user's mail spool. Overrides the configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:56
+msgid "<option>-R</option>,<option>--no-remove</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:60
+msgid ""
+"Files in the user's home directory will NOT be removed along with the home "
+"directory itself and the user's mail spool. Overrides the configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:68
+msgid "<option>-f</option>,<option>--force</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:72
+msgid ""
+"This option forces <command>sss_userdel</command> to remove the user's home "
+"directory and mail spool, even if they are not owned by the specified user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:80
+msgid "<option>-k</option>,<option>--kick</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:84
+msgid "Before actually deleting the user, terminate all his processes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
+msgid "sss_groupdel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupdel.8.xml:16
+msgid "delete a group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupdel.8.xml:21
+msgid ""
+"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupdel.8.xml:32
+msgid ""
+"<command>sss_groupdel</command> deletes a group identified by its name "
+"<replaceable>GROUP</replaceable> from the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
+msgid "sss_groupshow"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupshow.8.xml:16
+msgid "print properties of a group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupshow.8.xml:21
+msgid ""
+"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupshow.8.xml:32
+msgid ""
+"<command>sss_groupshow</command> displays information about a group "
+"identified by its name <replaceable>GROUP</replaceable>. The information "
+"includes the group ID number, members of the group and the parent group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupshow.8.xml:43
+msgid "<option>-R</option>,<option>--recursive</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupshow.8.xml:47
+msgid ""
+"Also print indirect group members in a tree-like hierarchy. Note that this "
+"also affects printing parent groups - without <option>R</option>, only the "
+"direct parent will be printed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
+msgid "sss_usermod"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_usermod.8.xml:16
+msgid "modify a user account"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_usermod.8.xml:21
+msgid ""
+"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_usermod.8.xml:32
+msgid ""
+"<command>sss_usermod</command> modifies the account specified by "
+"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
+"on the command line."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:60
+msgid "The home directory of the user account."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:71
+msgid "The user's login shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:82
+msgid ""
+"Append this user to groups specified by the <replaceable>GROUPS</"
+"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
+"a comma separated list of group names."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:96
+msgid ""
+"Remove this user from groups specified by the <replaceable>GROUPS</"
+"replaceable> parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:103
+msgid "<option>-l</option>,<option>--lock</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:107
+msgid "Lock the user account. The user won't be able to log in."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:114
+msgid "<option>-u</option>,<option>--unlock</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:118
+msgid "Unlock the user account."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:129
+msgid "The SELinux user for the user's login."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:135
+msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:140
+msgid "Add an attribute/value pair. The format is attrname=value."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:147
+msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:152
+msgid ""
+"Set an attribute to a name/value pair. The format is attrname=value. For "
+"multi-valued attributes, the command replaces the values already present"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:160
+msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:165
+msgid "Delete an attribute/value pair. The format is attrname=value."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:42
+msgid "<option>-E</option>,<option>--everything</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:46
+msgid "Invalidate all cached entries except for sudo rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:52
+msgid ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:57
+msgid "Invalidate specific user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:63
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:67
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:74
+msgid ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:79
+msgid "Invalidate specific group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:85
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:89
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:96
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:101
+msgid "Invalidate specific netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:107
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:111
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:118
+msgid ""
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:129
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:133
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:140
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:151
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:155
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:162
+msgid ""
+"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:167
+msgid "Invalidate SSH public keys of a specific host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:173
+msgid "<option>-H</option>,<option>--ssh-hosts</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:177
+msgid ""
+"Invalidate SSH public keys of all hosts. This option overrides invalidation "
+"of SSH public keys of specific host if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:185
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
+msgid "Restrict invalidation process only to a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "change debug level while SSSD is running"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+"running."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_debuglevel.8.xml:59
+msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_seed.8.xml:10 sss_seed.8.xml:15
+msgid "sss_seed"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_seed.8.xml:16
+msgid "seed the SSSD cache with a user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_seed.8.xml:21
+msgid ""
+"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</"
+"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_seed.8.xml:33
+msgid ""
+"<command>sss_seed</command> seeds the SSSD cache with a user entry and "
+"temporary password. If a user entry is already present in the SSSD cache "
+"then the entry is updated with the temporary password."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:46
+msgid ""
+"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:51
+msgid ""
+"Provide the name of the domain in which the user is a member of. The domain "
+"is also used to retrieve user information. The domain must be configured in "
+"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. "
+"Information retrieved from the domain overrides what is provided in the "
+"options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:63
+msgid ""
+"<option>-n</option>,<option>--username</option> <replaceable>USER</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:68
+msgid ""
+"The username of the entry to be created or modified in the cache. The "
+"<replaceable>USER</replaceable> option must be provided."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:81
+msgid "Set the UID of the user to <replaceable>UID</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:93
+msgid "Set the GID of the user to <replaceable>GID</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:117
+msgid ""
+"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:129
+msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:140
+msgid ""
+"Interactive mode for entering user information. This option will only prompt "
+"for information not provided in the options or retrieved from the domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:148
+msgid ""
+"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:153
+msgid ""
+"Specify file to read user's password from. (if not specified password is "
+"prompted for)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_seed.8.xml:165
+msgid ""
+"The length of the password (or the size of file specified with -p or --"
+"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes "
+"on systems with no globally-defined PASS_MAX value)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+msgid "sssd-ifp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+msgid "user's login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+msgid "homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+msgid "loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:139
+msgid ""
+"Specifies an upper limit on the number of entries that are downloaded during "
+"a wildcard lookup that overrides caller-supplied limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:144
+msgid "Default: 0 (let the caller set an upper limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refentryinfo>
+#: sss_rpcidmapd.5.xml:8
+msgid ""
+"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</"
+"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data "
+"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </"
+"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> "
+"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </"
+"author>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32
+msgid "sss_rpcidmapd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_rpcidmapd.5.xml:33
+msgid "sss plugin configuration directives for rpc.idmapd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_rpcidmapd.5.xml:37
+msgid "CONFIGURATION FILE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:39
+msgid ""
+"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd."
+"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_rpcidmapd.5.xml:49
+msgid "SSS CONFIGURATION EXTENSION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_rpcidmapd.5.xml:51
+msgid "Enable SSS plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_rpcidmapd.5.xml:53
+msgid ""
+"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> "
+"attribute to contain <emphasis>sss</emphasis>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_rpcidmapd.5.xml:59
+msgid "[sss] config section"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_rpcidmapd.5.xml:61
+msgid ""
+"In order to change the default of one of the configuration attributes of the "
+"<emphasis>sss</emphasis> plugin listed below you will need to create a "
+"config section for it, named <quote>[sss]</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
+#: sss_rpcidmapd.5.xml:67
+msgid "Configuration attributes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sss_rpcidmapd.5.xml:69
+msgid "memcache (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sss_rpcidmapd.5.xml:72
+msgid "Indicates whether or not to use memcache optimisation technique."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_rpcidmapd.5.xml:85
+msgid "SSSD INTEGRATION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:87
+msgid ""
+"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled "
+"in sssd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:91
+msgid ""
+"The attribute <quote>use_fully_qualified_names</quote> must be enabled on "
+"all domains (NFSv4 clients expect a fully qualified name to be sent on the "
+"wire)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_rpcidmapd.5.xml:103
+#, no-wrap
+msgid ""
+"[General]\n"
+"Verbosity = 2\n"
+"# domain must be synced between NFSv4 server and clients\n"
+"# Solaris/Illumos/AIX use \"localdomain\" as default!\n"
+"Domain = default\n"
+"\n"
+"[Mapping]\n"
+"Nobody-User = nfsnobody\n"
+"Nobody-Group = nfsnobody\n"
+"\n"
+"[Translation]\n"
+"Method = sss\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:100
+msgid ""
+"The following example shows a minimal idmapd.conf which makes use of the sss "
+"plugin. <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2
+msgid "SEE ALSO"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:122
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> for more information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
+"command> for public key user authentication if it is compiled with support "
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:59
+#, no-wrap
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:52
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:75
+msgid ""
+"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+msgid "EXIT STATUS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+msgid ""
+"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/"
+"pubconf/known_hosts</filename> and estabilishes connection to the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
+"command> for host key authentication by using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:66
+msgid ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:71
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host. By "
+"default, port 22 is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:83
+msgid ""
+"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/service_discovery.xml:2
+msgid "SERVICE DISCOVERY"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/service_discovery.xml:4
+msgid ""
+"The service discovery feature allows back ends to automatically find the "
+"appropriate servers to connect to using a special DNS query. This feature is "
+"not supported for backup servers."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
+msgid "Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:11
+msgid ""
+"If no servers are specified, the back end automatically uses service "
+"discovery to try to find a server. Optionally, the user may choose to use "
+"both fixed server addresses and service discovery by inserting a special "
+"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
+"preference is maintained. This feature is useful if, for example, the user "
+"prefers to use service discovery whenever possible, and fall back to a "
+"specific server when no servers can be discovered using DNS."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:23
+msgid "The domain name"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:25
+msgid ""
+"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for more details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:35
+msgid "The protocol"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:37
+msgid ""
+"The queries usually specify _tcp as the protocol. Exceptions are documented "
+"in respective option description."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:42
+msgid "See Also"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:44
+msgid ""
+"For more information on the service discovery mechanism, refer to RFC 2782."
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/upstream.xml:1
+msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/failover.xml:2
+msgid "FAILOVER"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/failover.xml:4
+msgid ""
+"The failover feature allows back ends to automatically switch to a different "
+"server if the current server fails."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:8
+msgid "Failover Syntax"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:10
+msgid ""
+"The list of servers is given as a comma-separated list; any number of spaces "
+"is allowed around the comma. The servers are listed in order of preference. "
+"The list can contain any number of servers."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:16
+msgid ""
+"For each failover-enabled config option, two variants exist: "
+"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is "
+"that servers in the primary list are preferred and backup servers are only "
+"searched if no primary servers can be reached. If a backup server is "
+"selected, a timeout of 31 seconds is set. After this timeout SSSD will "
+"periodically try to reconnect to one of the primary servers. If it succeeds, "
+"it will replace the current active (backup) server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:27
+msgid "The Failover Mechanism"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:29
+msgid ""
+"The failover mechanism distinguishes between a machine and a service. The "
+"back end first tries to resolve the hostname of a given machine; if this "
+"resolution attempt fails, the machine is considered offline. No further "
+"attempts are made to connect to this machine for any other service. If the "
+"resolution attempt succeeds, the back end tries to connect to a service on "
+"this machine. If the service connection attempt fails, then only this "
+"particular service is considered offline and the back end automatically "
+"switches over to the next service. The machine is still considered online "
+"and might still be tried for another service."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:42
+msgid ""
+"Further connection attempts are made to machines or services marked as "
+"offline after a specified period of time; this is currently hard coded to 30 "
+"seconds."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:47
+msgid ""
+"If there are no more machines to try, the back end as a whole switches to "
+"offline mode, and then attempts to reconnect every 30 seconds."
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:59
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:61
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:67
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:73
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:80
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:86
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:101
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:106
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:111
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:117
+msgid "Advanced Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:120
+msgid "ldap_idmap_range_min (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:123
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:127
+msgid ""
+"NOTE: This option is different from <quote>min_id</quote> in that "
+"<quote>min_id</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>min_id</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
+msgid "Default: 200000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:142
+msgid "ldap_idmap_range_max (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:145
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:149
+msgid ""
+"NOTE: This option is different from <quote>max_id</quote> in that "
+"<quote>max_id</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>max_id</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:159
+msgid "Default: 2000200000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:164
+msgid "ldap_idmap_range_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:167
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:186
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:196
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:199
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:210
+msgid "ldap_idmap_default_domain (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:213
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:221
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:224
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:229
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:234
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:273
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:275
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:281
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:284
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:285
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:286
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:287
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:288
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:289
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:291
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:295
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names can be used to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/param_help.xml:3
+msgid "<option>-?</option>,<option>--help</option>"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/param_help.xml:7 include/param_help_py.xml:7
+msgid "Display help message and exit."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/param_help_py.xml:3
+msgid "<option>-h</option>,<option>--help</option>"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3
+msgid ""
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:10
+msgid ""
+"Please note that each SSSD service logs into its own log file. Also please "
+"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> "
+"section only enables debugging just for the sssd process itself, not for the "
+"responder or provider processes. The <quote>debug_level</quote> parameter "
+"should be added to all sections that you wish to produce debug logs from."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:18
+msgid ""
+"In addition to changing the log level in the config file using the "
+"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD "
+"restart, it is also possible to change the debug level on the fly using the "
+"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry> tool."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:29
+msgid "Currently supported debug levels:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:32
+msgid ""
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:38
+msgid ""
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:45
+msgid ""
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:50
+msgid ""
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:55
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:59
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:63
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:67
+msgid ""
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:72
+msgid ""
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:77
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:81
+msgid ""
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:85
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:89
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:94
+msgid ""
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:98
+msgid "<emphasis>Default</emphasis>: 0"
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/experimental.xml:1
+msgid ""
+"<emphasis> This is an experimental feature, please use http://fedorahosted."
+"org/sssd to report any issues. </emphasis>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/seealso.xml:4
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
+"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> "
+"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:3
+msgid ""
+"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
+"for this attribute type."
+msgstr ""
+
+#. type: Content of: <listitem><para><programlisting>
+#: include/ldap_search_bases.xml:9
+#, no-wrap
+msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:7
+msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:13
+msgid ""
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:23
+msgid ""
+"For examples of this syntax, please refer to the <quote>ldap_search_base</"
+"quote> examples section."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:31
+msgid ""
+"Please note that specifying scope or filter is not supported for searches "
+"against an Active Directory Server that might yield a large number of "
+"results and trigger the Range Retrieval extension in the response."
+msgstr ""
+
+#. type: Content of: <para>
+#: include/autofs_restart.xml:2
+msgid ""
+"Please note that the automounter only reads the master map on startup, so if "
+"any autofs-related changes are made to the sssd.conf, you typically also "
+"need to restart the automounter daemon after restarting the SSSD."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/override_homedir.xml:2
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:16
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:20
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:23
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:24
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:28
+msgid "UPN - User Principal Name (name@REALM)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:31
+msgid "%o"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:33
+msgid "The original home directory retrieved from the identity provider."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:38
+msgid "%H"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:40
+msgid "The value of configure option <emphasis>homedir_substring</emphasis>."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:5
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:52
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><programlisting>
+#: include/override_homedir.xml:57
+#, no-wrap
+msgid ""
+"override_homedir = /home/%u\n"
+" "
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:61
+msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/homedir_substring.xml:2
+msgid "homedir_substring (string)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/homedir_substring.xml:5
+msgid ""
+"The value of this option will be used in the expansion of the "
+"<emphasis>override_homedir</emphasis> option if the template contains the "
+"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly "
+"contain this template so that this option can be used to expand the home "
+"directory path for each client machine (or operating system). It can be set "
+"per-domain or globally in the [nss] section. A value specified in a domain "
+"section will override one set in the [nss] section."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/homedir_substring.xml:15
+msgid "Default: /home"
+msgstr ""
diff --git a/src/man/po/ru.po b/src/man/po/ru.po
index acb1b934a..2354aa72c 100644
--- a/src/man/po/ru.po
+++ b/src/man/po/ru.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/"
@@ -19,7 +19,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -62,7 +62,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -81,11 +81,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "ОПЦИИ"
@@ -216,113 +216,128 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "По умолчанию: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "По умолчанию: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "службы"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -331,29 +346,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "попыток_соединения (целое число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "По умолчанию: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "домены"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -363,19 +378,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -383,12 +398,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -396,58 +411,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -456,7 +471,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -464,69 +479,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -536,7 +551,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -546,20 +561,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -569,7 +584,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -578,12 +593,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -594,12 +694,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -608,22 +708,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -633,17 +733,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -651,19 +751,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -673,12 +773,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -686,117 +786,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "По умолчанию: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -804,7 +852,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -814,7 +862,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -823,17 +871,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -841,60 +889,88 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "По умолчанию: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "попыток_соединения (целое число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "По умолчанию: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -902,23 +978,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -926,47 +1002,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -974,103 +1050,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1081,72 +1164,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "По умолчанию: 0 (неограничено)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1154,59 +1237,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "По умолчанию: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr "В настоящее время sssd поддерживает следующие значения:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "По умолчанию: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1214,7 +1297,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1223,17 +1306,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1241,117 +1324,183 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1083
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1362,34 +1511,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1397,70 +1546,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: gecos"
msgid "Default: /etc/pki/nssdb"
msgstr "По умолчанию: gecos"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1472,7 +1621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1483,24 +1632,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1508,12 +1657,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1521,25 +1670,39 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "попыток_соединения (целое число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1548,46 +1711,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "По умолчанию: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1599,14 +1762,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1615,39 +1778,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1656,19 +1819,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1679,151 +1842,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1831,24 +1994,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1857,17 +2020,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1876,33 +2039,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1910,8 +2073,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1920,8 +2083,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1929,19 +2092,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1950,7 +2113,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1958,22 +2121,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1985,7 +2148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1993,19 +2156,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2013,7 +2176,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2021,30 +2184,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2052,19 +2215,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2073,24 +2236,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2098,7 +2274,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2106,35 +2282,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2142,32 +2318,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2178,12 +2354,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2191,7 +2367,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2199,31 +2375,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2231,7 +2407,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2240,23 +2416,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2264,7 +2440,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2272,24 +2448,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2297,12 +2481,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2312,7 +2496,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2321,29 +2505,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2351,7 +2535,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2359,66 +2543,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "По умолчанию: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "Поддерживаемые значения:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2426,70 +2610,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr "По умолчанию: использовать доменное имя из hostname"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2497,7 +2681,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2505,41 +2689,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2549,34 +2777,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2584,12 +2812,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2597,7 +2825,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2605,49 +2833,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2655,73 +2897,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "По умолчанию: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "По умолчанию: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2729,17 +2971,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "По умолчанию: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2748,17 +2990,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "По умолчанию: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2766,17 +3008,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "По умолчанию: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2784,19 +3026,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "ПРИМЕР"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2826,7 +3068,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2872,7 +3114,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ"
@@ -2972,8 +3214,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3262,14 +3504,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "По умолчанию: modifyTimestamp"
@@ -3664,8 +3906,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3869,19 +4111,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3891,26 +4150,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3918,14 +4178,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3933,7 +4193,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3941,19 +4201,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3961,168 +4215,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4130,7 +4384,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4138,12 +4392,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4151,12 +4405,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4167,12 +4421,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4181,12 +4435,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4195,34 +4449,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4230,14 +4484,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4245,17 +4499,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4265,12 +4519,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4278,17 +4532,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4296,13 +4550,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4311,7 +4565,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4319,26 +4573,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4346,7 +4600,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4354,7 +4608,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4362,41 +4616,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4405,32 +4659,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4438,24 +4692,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4463,17 +4717,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4484,29 +4738,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4515,17 +4769,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4533,49 +4787,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4583,27 +4837,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4615,7 +4869,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4623,7 +4877,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4631,39 +4885,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4673,7 +4927,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4681,26 +4935,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4708,7 +4962,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4716,31 +4970,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4749,56 +5003,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4814,12 +5068,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4828,14 +5082,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4844,24 +5098,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4869,19 +5123,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4890,7 +5144,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4898,7 +5152,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4907,7 +5161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4915,22 +5169,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4940,14 +5194,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4960,12 +5214,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4975,7 +5229,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4985,49 +5239,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5036,74 +5290,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5114,7 +5368,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5122,24 +5376,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5154,12 +5408,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5167,208 +5421,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5376,101 +5630,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5479,110 +5733,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: root"
msgid "Default: automount"
msgstr "По умолчанию: root"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5591,32 +5845,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5625,22 +5879,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5649,7 +5903,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5657,7 +5911,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5670,26 +5924,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5705,13 +5959,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5746,11 +6000,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5758,34 +6013,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5793,31 +6048,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5825,36 +6080,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5862,7 +6117,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5871,25 +6126,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5897,7 +6183,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5909,7 +6195,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6068,7 +6354,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6216,7 +6502,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6224,14 +6510,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6246,12 +6532,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6272,12 +6558,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6301,7 +6587,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6311,7 +6597,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6328,12 +6614,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6341,12 +6627,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6365,50 +6651,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6518,7 +6804,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6592,26 +6878,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6630,7 +6916,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6928,13 +7214,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6944,15 +7231,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6960,7 +7247,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6973,7 +7260,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6981,53 +7268,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7035,19 +7334,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7058,12 +7357,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7072,7 +7371,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7081,7 +7380,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7090,14 +7389,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7106,7 +7405,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7121,29 +7420,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7152,7 +7451,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7161,12 +7460,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7176,14 +7475,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7196,23 +7495,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7220,22 +7519,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7243,12 +7542,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7256,14 +7555,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7271,7 +7570,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7283,53 +7582,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7337,7 +7661,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7345,7 +7669,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7353,7 +7677,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7365,17 +7689,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7383,7 +7712,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7391,7 +7720,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7399,7 +7728,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7411,22 +7740,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7434,14 +7763,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7449,7 +7778,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7461,17 +7790,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7479,14 +7808,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7494,7 +7823,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7505,19 +7834,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7525,7 +7854,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7537,34 +7866,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7572,12 +7906,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7590,52 +7924,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 30 days"
+msgstr "По умолчанию: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7646,36 +8020,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7683,7 +8057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7698,7 +8072,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7707,7 +8081,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7715,7 +8089,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7724,6 +8098,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8182,7 +8564,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8241,17 +8623,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8259,50 +8646,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8310,29 +8727,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8340,39 +8757,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8380,41 +8826,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "CONFIGURATION OPTIONS"
msgid "COMMON OPTIONS"
msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
@@ -9556,12 +10002,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10041,13 +10511,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10055,7 +10525,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10065,36 +10535,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10481,7 +10934,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10538,11 +10991,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10550,12 +11004,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10563,36 +11017,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10601,13 +11055,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10616,51 +11091,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
index bccbdd58e..3795f678d 100644
--- a/src/man/po/sssd-docs.pot
+++ b/src/man/po/sssd-docs.pot
@@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: sssd-docs 1.13.1\n"
+"Project-Id-Version: sssd-docs 1.13.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -46,7 +46,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr ""
@@ -58,7 +58,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr ""
@@ -186,104 +186,118 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081 sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806 sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446 sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264 sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207 sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164 sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139 sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456 sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410 include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid "Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
@@ -293,29 +307,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -325,19 +339,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -345,12 +359,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> "
"<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
@@ -359,58 +373,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -419,7 +433,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -427,69 +441,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at "
"build-time. (__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -499,7 +513,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log "
@@ -509,17 +523,17 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480 sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576 sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614 sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -529,7 +543,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -538,12 +552,96 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid "This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -554,12 +652,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -568,22 +666,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -593,17 +691,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -611,17 +709,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478 sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289 sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556 sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428 sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the "
"<quote>timeout</quote> option), it is first sent the SIGTERM signal that "
@@ -631,12 +729,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -644,117 +742,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987 sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) "
"service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -762,7 +809,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -772,7 +819,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -781,17 +828,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -799,58 +846,84 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set "
-"per-domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid "If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid "The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -858,22 +931,22 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533 include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081 sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -881,46 +954,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid "Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in "
"<quote>/etc/shells</quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in "
"<quote>/etc/shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -928,56 +1001,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the "
"machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during "
"lookup. This option can be specified globally in the [nss] section or "
@@ -985,48 +1058,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1038,72 +1118,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1111,59 +1191,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during "
"authentication. The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1171,7 +1251,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a "
@@ -1181,17 +1261,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1199,7 +1279,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be "
@@ -1207,109 +1287,172 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting "
"<emphasis>pwd_expiration_warning</emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid "all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087 sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> "
@@ -1321,34 +1464,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1356,68 +1499,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1429,7 +1572,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1440,24 +1583,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1465,12 +1608,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1478,25 +1621,37 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For "
@@ -1505,46 +1660,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1556,14 +1711,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1572,39 +1727,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1613,19 +1768,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1636,150 +1791,150 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354 sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394 sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493 sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533 sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the "
"cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1787,24 +1942,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1813,17 +1968,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1832,34 +1987,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1867,7 +2022,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695 sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834 sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1876,7 +2031,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704 sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843 sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1884,19 +2039,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified "
"names. For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1905,7 +2060,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1913,22 +2068,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1940,7 +2095,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1948,19 +2103,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1968,7 +2123,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1976,29 +2131,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid "<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2006,19 +2161,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
@@ -2027,24 +2182,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for more information on configuring "
+"Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
@@ -2053,7 +2222,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2061,34 +2230,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid "<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2096,31 +2265,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073 sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2131,12 +2300,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2144,7 +2313,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2153,31 +2322,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2186,7 +2355,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2195,22 +2364,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid "The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2218,7 +2387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2226,24 +2395,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2252,12 +2429,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2267,7 +2444,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: "
"<quote>(((?P&lt;domain&gt;[^\\\\]+)\\\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?P&lt;name&gt;[^@\\\\]+)$))</quote> "
@@ -2275,29 +2452,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2305,7 +2482,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2313,66 +2490,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax "
"(?P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2380,69 +2557,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2450,7 +2627,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2458,41 +2635,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2502,32 +2723,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid "The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid "Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2535,12 +2756,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2548,7 +2769,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called "
@@ -2557,49 +2778,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2607,73 +2842,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2681,17 +2916,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2700,17 +2935,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2718,17 +2953,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2736,17 +2971,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131 sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564 sss_rpcidmapd.5.xml:98
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564 sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2776,7 +3011,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2823,7 +3058,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2922,7 +3157,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212 sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3211,14 +3446,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3615,7 +3850,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077 sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3819,19 +4054,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups "
"(e.g. RFC2307bis), then this option controls how many levels of nesting SSSD "
"will follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3841,26 +4093,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3868,14 +4121,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3883,7 +4136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink "
@@ -3891,18 +4144,13 @@ msgid ""
"MSDN(TM) documentation</ulink> for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321 sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3910,166 +4158,166 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid "The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid "The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4077,7 +4325,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4085,12 +4333,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4098,12 +4346,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> "
@@ -4114,12 +4362,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4128,12 +4376,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4142,34 +4390,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single "
"request. Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4177,7 +4425,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use "
@@ -4185,7 +4433,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4193,17 +4441,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4213,12 +4461,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4226,17 +4474,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4244,12 +4492,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid "You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4258,7 +4506,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4266,26 +4514,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4293,7 +4541,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4301,7 +4549,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4309,41 +4557,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in "
"<filename>/etc/openldap/ldap.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4352,32 +4600,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4385,24 +4633,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem "
"class=\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4410,17 +4658,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4431,29 +4679,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4463,17 +4711,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4481,49 +4729,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4531,27 +4779,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of "
@@ -4563,7 +4811,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4571,7 +4819,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of "
"SSSD. While the legacy name is recognized for the time being, users are "
@@ -4580,39 +4828,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4622,7 +4870,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> "
"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> "
@@ -4631,26 +4879,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client "
"side. The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use "
"<citerefentry><refentrytitle>shadow</refentrytitle> "
@@ -4659,7 +4907,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4667,31 +4915,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4700,56 +4948,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4766,12 +5014,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4780,14 +5028,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4796,24 +5044,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4821,19 +5069,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4842,7 +5090,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
"<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
@@ -4850,7 +5098,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4859,7 +5107,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option "
"<emphasis>must</emphasis> include <quote>expire</quote> in order for the "
@@ -4867,22 +5115,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4892,7 +5140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the "
"<quote>ppolicy</quote> option and might be removed in a future release. "
@@ -4900,7 +5148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4913,12 +5161,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4928,7 +5176,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4938,48 +5186,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid "Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -4988,74 +5236,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5066,7 +5314,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5074,24 +5322,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5106,12 +5354,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5119,208 +5367,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval "
"</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5328,100 +5576,100 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is "
"<emphasis>false</emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5430,108 +5678,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
msgid "Default: automount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder "
"type=\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" "
@@ -5541,32 +5789,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5575,22 +5823,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5599,7 +5847,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5607,7 +5855,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5620,24 +5868,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139 sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5653,12 +5901,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5694,11 +5942,12 @@ msgid ""
"<replaceable>retry=N</replaceable> </arg> <arg choice='opt'> "
"<replaceable>ignore_unknown_user</replaceable> </arg> <arg choice='opt'> "
"<replaceable>ignore_authinfo_unavail</replaceable> </arg> <arg choice='opt'> "
-"<replaceable>domains=X</replaceable> </arg>"
+"<replaceable>domains=X</replaceable> </arg> <arg choice='opt'> "
+"<replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5706,34 +5955,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5742,31 +5991,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5774,36 +6023,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5811,7 +6060,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5820,25 +6069,56 @@ msgid ""
"these two PAM responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be "
@@ -5847,7 +6127,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file "
"<filename>pam_sss_pw_reset_message.LOC</filename> where LOC stands for a "
@@ -5860,7 +6140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory "
"<filename>/etc/sssd/customize/DOMAIN_NAME/</filename>. If no matching file "
@@ -6019,7 +6299,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
@@ -6170,7 +6450,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6178,14 +6458,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the "
"<quote>dyndns_iface</quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6200,12 +6480,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6226,12 +6506,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6255,7 +6535,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6265,7 +6545,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6283,12 +6563,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6296,12 +6576,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6320,50 +6600,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6472,7 +6752,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6546,26 +6826,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6583,7 +6863,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6882,13 +7162,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always "
+"auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -6899,15 +7180,16 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs "
+"provider. No configuration of the access provider is required on the client "
+"side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6915,7 +7197,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6928,7 +7210,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as "
"case-insensitive in the AD provider for compatibility with Active "
@@ -6936,53 +7218,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6990,19 +7284,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7013,12 +7307,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the "
@@ -7027,7 +7321,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or "
"forest. This extended filter would consist of: "
@@ -7036,7 +7330,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then "
"<quote>NAME</quote> specifies the domain or subdomain the filter applies "
@@ -7045,14 +7339,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the "
@@ -7061,7 +7355,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7076,29 +7370,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7107,7 +7401,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7116,12 +7410,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7131,14 +7425,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7151,22 +7445,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid "disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7174,22 +7468,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7197,12 +7491,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7210,14 +7504,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7225,7 +7519,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7237,52 +7531,77 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537 sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575 sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7290,7 +7609,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7298,7 +7617,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7306,7 +7625,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7318,17 +7637,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7336,7 +7660,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7344,7 +7668,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7352,7 +7676,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7364,22 +7688,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7387,14 +7711,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7402,7 +7726,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7414,17 +7738,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7432,14 +7756,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7447,7 +7771,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using "
"<quote>+service_name</quote>. Since the default set is empty, it is not "
@@ -7458,19 +7782,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7478,7 +7802,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7490,34 +7814,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7525,12 +7854,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7543,52 +7872,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+msgid "Default: 30 days"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal "
+"task. The option expect 2 integers seperated by a colon (':'). The first "
+"integer defines the interval in seconds how often the task is run. The "
+"second specifies the inital timeout in seconds before the task is run for "
+"the first time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7599,29 +7966,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise "
"principal. See section 5 of RFC 6806 for more details about enterprise "
@@ -7629,7 +7996,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and "
"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
@@ -7637,7 +8004,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7652,7 +8019,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7661,7 +8028,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7669,7 +8036,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7678,6 +8045,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8138,7 +8513,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 sss_ssh_knownhostsproxy.1.xml:78
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70 sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> "
"<replaceable>DOMAIN</replaceable>"
@@ -8195,17 +8570,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8213,7 +8593,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> "
"<optional><option>-n,--name</option> NAME</optional> "
@@ -8221,43 +8601,74 @@ msgid ""
"<optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> "
"<optional><option>-s,--shell</option> SHELL</optional> "
-"<optional><option>-c,--gecos</option> GECOS</optional>"
+"<optional><option>-c,--gecos</option> GECOS</optional> "
+"<optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> "
+"DOMAIN</optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8265,22 +8676,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in "
"<emphasis>FILE</emphasis>. See <emphasis>user-import</emphasis> for data "
@@ -8288,7 +8699,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> "
"<optional><option>-n,--name</option> NAME</optional> "
@@ -8296,39 +8707,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> "
+"DOMAIN</optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8336,22 +8776,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in "
"<emphasis>FILE</emphasis>. See <emphasis>group-import</emphasis> for data "
@@ -8359,17 +8799,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
msgid "COMMON OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
@@ -9512,12 +9952,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> "
+"<replaceable>rule</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
"<option>-d</option>,<option>--domain</option> "
"<replaceable>domain</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -9998,14 +10462,15 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> "
"<manvolnum>8</manvolnum></citerefentry> can be configured to use "
"<command>sss_ssh_authorizedkeys</command> for public key user authentication "
-"if it is compiled with support for either "
-"<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
-"<citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"if it is compiled with support for <quote>AuthorizedKeysCommand</quote> "
+"option. Please refer to the <citerefentry> "
+"<refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> man page for more details about this "
+"option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10013,7 +10478,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> "
@@ -10024,37 +10489,20 @@ msgid ""
"type=\"programlisting\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> "
-"<manvolnum>8</manvolnum></citerefentry> can be configured to use it by using "
-"the following directive for <citerefentry> "
-"<refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> "
-"configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain "
"<replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is "
"returned."
@@ -10444,7 +10892,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10502,11 +10950,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10514,12 +10963,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10527,36 +10976,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10565,13 +11014,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10580,51 +11050,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/tg.po b/src/man/po/tg.po
index f9ab8df87..006cc6b40 100644
--- a/src/man/po/tg.po
+++ b/src/man/po/tg.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/"
@@ -17,7 +17,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -60,7 +60,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -79,11 +79,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "ИМКОНОТҲО"
@@ -214,113 +214,128 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Пешфарз: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Пешфарз: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Пешфарз: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -329,29 +344,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Пешфарз: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -361,19 +376,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -381,12 +396,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -394,58 +409,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -454,7 +469,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -462,69 +477,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -534,7 +549,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -544,20 +559,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -567,7 +582,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -576,12 +591,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -592,12 +692,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -606,22 +706,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -631,17 +731,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -649,19 +749,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -671,12 +771,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -684,117 +784,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Пешфарз: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -802,7 +850,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -812,7 +860,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -821,17 +869,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "Пешфарз: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -839,60 +887,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Пешфарз: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Пешфарз: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Пешфарз: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -900,23 +974,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -924,47 +998,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -972,103 +1046,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "Пешфарз: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1079,72 +1160,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Пешфарз: 0 (Номаҳдуд)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1152,59 +1233,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Пешфарз: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Пешфарз: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1212,7 +1293,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1221,17 +1302,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1239,117 +1320,183 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Пешфарз: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1083
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1360,34 +1507,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1395,70 +1542,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /bin/sh"
msgid "Default: /etc/pki/nssdb"
msgstr "Пешфарз: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1470,7 +1617,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1481,24 +1628,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1506,12 +1653,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1519,25 +1666,37 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1546,46 +1705,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Пешфарз: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1597,14 +1756,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1613,39 +1772,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1654,19 +1813,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1677,151 +1836,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Пешфарз: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1829,24 +1988,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1855,17 +2014,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Пешфарз: 0 (номаҳдуд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1874,33 +2033,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1908,8 +2067,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1918,8 +2077,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1927,19 +2086,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1948,7 +2107,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1956,22 +2115,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1983,7 +2142,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1991,19 +2150,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2011,7 +2170,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2019,30 +2178,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2050,19 +2209,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2071,24 +2230,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2096,7 +2268,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2104,35 +2276,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2140,32 +2312,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2176,12 +2348,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2189,7 +2361,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2197,31 +2369,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2229,7 +2401,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2238,23 +2410,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2262,7 +2434,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2270,24 +2442,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2295,12 +2475,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2310,7 +2490,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2319,29 +2499,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2349,7 +2529,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2357,66 +2537,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2424,70 +2604,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Пешфарз: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2495,7 +2675,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2503,41 +2683,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2547,34 +2771,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2582,12 +2806,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2595,7 +2819,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2603,49 +2827,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2653,73 +2891,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Пешфарз: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2727,17 +2965,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2746,17 +2984,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2764,17 +3002,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2782,19 +3020,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "НАМУНА"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2824,7 +3062,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2870,7 +3108,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2970,8 +3208,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "Намунаҳо:"
@@ -3260,14 +3498,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3662,8 +3900,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3867,19 +4105,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3889,26 +4144,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "Пешфарз: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3916,14 +4172,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3931,7 +4187,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3939,19 +4195,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3959,168 +4209,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4128,7 +4378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4136,12 +4386,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4149,12 +4399,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4165,12 +4415,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4179,12 +4429,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4193,34 +4443,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4228,14 +4478,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4243,17 +4493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4263,12 +4513,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4276,17 +4526,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4294,13 +4544,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4309,7 +4559,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4317,26 +4567,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4344,7 +4594,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4352,7 +4602,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4360,41 +4610,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4403,32 +4653,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4436,24 +4686,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4461,17 +4711,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4482,29 +4732,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4513,17 +4763,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4531,49 +4781,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "Пешфарз: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4581,27 +4831,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4613,7 +4863,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4621,7 +4871,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4629,39 +4879,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4671,7 +4921,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4679,26 +4929,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4706,7 +4956,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4714,31 +4964,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4747,56 +4997,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4812,12 +5062,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "Намуна:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4826,14 +5076,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4842,24 +5092,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4867,19 +5117,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4888,7 +5138,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4896,7 +5146,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4905,7 +5155,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4913,22 +5163,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4938,14 +5188,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4958,12 +5208,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4973,7 +5223,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4983,49 +5233,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5034,74 +5284,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5112,7 +5362,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5120,24 +5370,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5152,12 +5402,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5165,208 +5415,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5374,101 +5624,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5477,110 +5727,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: root"
msgid "Default: automount"
msgstr "Пешфарз: root"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5589,32 +5839,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5623,22 +5873,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5647,7 +5897,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5655,7 +5905,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5668,26 +5918,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5703,13 +5953,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "ЭЗОҲҲО"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5744,11 +5994,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5756,34 +6007,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5791,31 +6042,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5823,36 +6074,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5860,7 +6111,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5869,25 +6120,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "ФАЙЛҲО"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5895,7 +6177,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5907,7 +6189,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6066,7 +6348,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6214,7 +6496,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6222,14 +6504,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6244,12 +6526,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6270,12 +6552,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6299,7 +6581,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6309,7 +6591,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6326,12 +6608,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6339,12 +6621,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6363,50 +6645,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6516,7 +6798,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6590,26 +6872,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6628,7 +6910,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6926,13 +7208,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6942,15 +7225,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6958,7 +7241,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6971,7 +7254,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6979,53 +7262,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7033,19 +7328,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7056,12 +7351,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7070,7 +7365,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7079,7 +7374,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7088,14 +7383,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7104,7 +7399,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7119,29 +7414,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7150,7 +7445,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7159,12 +7454,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7174,14 +7469,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7194,23 +7489,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7218,22 +7513,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7241,12 +7536,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7254,14 +7549,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7269,7 +7564,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7281,53 +7576,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7335,7 +7655,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7343,7 +7663,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7351,7 +7671,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7363,17 +7683,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7381,7 +7706,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7389,7 +7714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7397,7 +7722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7409,22 +7734,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7432,14 +7757,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7447,7 +7772,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7459,17 +7784,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7477,14 +7802,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7492,7 +7817,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7503,19 +7828,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7523,7 +7848,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7535,34 +7860,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7570,12 +7900,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7588,52 +7918,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 30 days"
+msgstr "Пешфарз: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7644,36 +8014,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7681,7 +8051,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7696,7 +8066,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7705,7 +8075,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7713,7 +8083,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7722,6 +8092,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8180,7 +8558,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8239,17 +8617,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8257,50 +8640,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8308,29 +8721,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8338,39 +8751,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8378,41 +8820,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "OPTIONS"
msgid "COMMON OPTIONS"
msgstr "ИМКОНОТҲО"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
@@ -9554,12 +9996,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10039,13 +10505,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10053,7 +10519,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10063,36 +10529,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10479,7 +10928,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10536,11 +10985,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10548,12 +10998,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10561,36 +11011,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10599,13 +11049,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10614,51 +11085,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/uk.po b/src/man/po/uk.po
index 7516ead33..6ec905452 100644
--- a/src/man/po/uk.po
+++ b/src/man/po/uk.po
@@ -11,7 +11,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2015-06-26 04:33-0400\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/"
@@ -22,7 +22,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -68,7 +68,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -89,11 +89,11 @@ msgstr ""
"внесених за допомогою командного рядка."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "ПАРАМЕТРИ"
@@ -253,11 +253,27 @@ msgstr "debug_level (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
@@ -267,21 +283,21 @@ msgstr ""
"проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Типове значення: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
@@ -291,31 +307,31 @@ msgstr ""
"journald, цей параметр буде проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Типове значення: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr "Параметри які можна використовувати у розділах SERVICE та DOMAIN"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
@@ -323,33 +339,34 @@ msgstr ""
"Проміжок у секундах між циклами роботи цієї служби. Використовується для "
"перевірки працездатності процесу та його змоги відповідати на запити."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Типове значення: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "ОСОБЛИВІ РОЗДІЛИ"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "Розділ [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Параметри розділу"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -358,12 +375,12 @@ msgstr ""
"0.6.0 та пізніших слід використовувати версію 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "services"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -371,7 +388,7 @@ msgstr ""
"запуску sssd."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -384,12 +401,12 @@ msgstr ""
"\">, pac</phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -399,17 +416,17 @@ msgstr ""
"визнання подальших спроб безнадійними."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Типове значення: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -425,12 +442,12 @@ msgstr ""
"ASCII, дефісів, крапок та знаків підкреслювання."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
@@ -439,7 +456,7 @@ msgstr ""
"користувача і доменом на його частини."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -451,12 +468,12 @@ msgstr ""
"ДОМЕНІВ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -468,32 +485,32 @@ msgstr ""
"домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr "%1$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr "ім’я користувача"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr "%2$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr "назва домену у форматі, вказаному у файлі налаштувань SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr "%3$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
@@ -502,7 +519,7 @@ msgstr ""
"Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
@@ -511,7 +528,7 @@ msgstr ""
"\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
@@ -520,12 +537,12 @@ msgstr ""
"про ці рядки можна дізнатися з довідки до РОЗДІЛІВ ДОМЕНІВ."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -538,7 +555,7 @@ msgstr ""
"виконуватиметься опитування resolv.conf кожні п’ять секунд."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -548,7 +565,7 @@ msgstr ""
"рідкісних випадках слід встановити для цього параметра значення «false»."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -557,7 +574,7 @@ msgstr ""
"інших платформах."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -567,12 +584,12 @@ msgstr ""
"опитування файла."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -581,7 +598,7 @@ msgstr ""
"Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -591,7 +608,7 @@ msgstr ""
"для кешу відтворення."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -600,12 +617,12 @@ msgstr ""
"(__LIBKRB5_DEFAULTS__, якщо не вказано)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr "user (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
@@ -614,17 +631,17 @@ msgstr ""
"щоб уникнути роботи від імені користувача root."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr "Типове значення: не встановлено, процес буде запущено від імені root"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -640,7 +657,7 @@ msgstr ""
"лише імені користувача без додавання до нього назви домену."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -656,20 +673,20 @@ msgstr ""
"use_fully_qualified_names рівним False."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr "Типове значення: not set"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr "override_space (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -684,7 +701,7 @@ msgstr ""
"через типовий роздільник полів у оболонці."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -697,12 +714,112 @@ msgstr ""
"але, загалом, результат пошуку буде невизначеним."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr "Типове значення: не встановлено (пробіли не замінятимуться)"
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "ldap_user_certificate (string)"
+msgid "certificate_verification (string)"
+msgstr "ldap_user_certificate (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+#, fuzzy
+#| msgid "These options can be used to configure the InfoPipe responder."
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+"Цими параметрами можна скористатися для налаштовування відповідача InfoPipe."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+#, fuzzy
+#| msgid ""
+#| "Treat user and group names as case sensitive. At the moment, this option "
+#| "is not supported in the local provider. Possible option values are: "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+"Враховувати регістр записів імен користувачів та назв груп. У поточній "
+"версії підтримку передбачено лише для локальних надавачів даних. Можливі "
+"значення параметра: <placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+#, fuzzy
+#| msgid "Default: not set, i.e. service discovery is disabled"
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -718,12 +835,12 @@ msgstr ""
"профілів. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "РОЗДІЛИ СЛУЖБ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -736,22 +853,22 @@ msgstr ""
"у розділі <quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "Загальні параметри налаштування служб"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -767,17 +884,17 @@ msgstr ""
"цього параметра і обмеженням \"hard\" у limits.conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr "Типове значення: 8192 (або обмеження у limits.conf \"hard\")"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -789,19 +906,19 @@ msgstr ""
"вичерпання ресурсів системи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Типове значення: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr "force_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -817,12 +934,12 @@ msgstr ""
"сигналу SIGKILL."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr "offline_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -834,12 +951,12 @@ msgstr ""
"значення вказується у секундах і обчислюється за такою формулою:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr "час_очікування_для_переходу_у_автономний_режим + випадковий_зсув"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
@@ -849,12 +966,12 @@ msgstr ""
"таким чином:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr "новий_інтервал = старий_інтервал*2 + випадковий_зсув"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
@@ -864,71 +981,13 @@ msgstr ""
"обмежено однією годиною. Якщо обчислена тривалість нового інтервалу "
"перевищує годину, буде встановлено інтервал у одну годину."
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr "subdomain_inherit (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-"Визначає список параметрів налаштування, які слід успадковувати для "
-"піддомену. Будь ласка, зауважте, що успадковуватимуться лише вказані "
-"параметри. У поточній версії передбачено можливість успадковування таких "
-"параметрів:"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr "ignore_group_members"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr "ldap_purge_cache_timeout"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr "ldap_use_tokengroups"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr "ldap_user_principal"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr "Приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "Типове значення: none"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr "Параметри налаштування NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -936,12 +995,12 @@ msgstr ""
"Switch (NSS або перемикання служби визначення назв)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -950,17 +1009,17 @@ msgstr ""
"кеші nss_sss у секундах"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Типове значення: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -971,7 +1030,7 @@ msgstr ""
"entry_cache_timeout для домену період часу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -986,7 +1045,7 @@ msgstr ""
"розблокування після оновлення кешу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -1000,17 +1059,17 @@ msgstr ""
"можливість."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "Типове значення: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -1021,22 +1080,55 @@ msgstr ""
"даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Типове значення: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "autofs_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "autofs_negative_timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+#, fuzzy
+#| msgid ""
+#| "Specifies for how many seconds nss_sss should cache negative cache hits "
+#| "(that is, queries for invalid database entries, like nonexistent ones) "
+#| "before asking the back end again."
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+"Визначає кількість секунд, протягом яких nss_sss має кешувати негативні "
+"результати пошуку у кеші (тобто запити щодо некоректних записів у базі "
+"даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Типове значення: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+#, fuzzy
+#| msgid ""
+#| "Exclude certain users from being fetched from the sss NSS database. This "
+#| "is particularly useful for system accounts. This option can also be set "
+#| "per-domain or include fully-qualified names to filter only users from the "
+#| "particular domain."
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
"Виключити певних користувачів зі списку отримання даних з бази даних NSS "
"sss. Таке виключення може бути корисним для облікових записів керування "
@@ -1045,17 +1137,26 @@ msgstr ""
"списку користувачами лише з певного домену."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Типове значення: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -1063,12 +1164,12 @@ msgstr ""
"встановіть для цього параметра значення «false»."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -1077,7 +1178,7 @@ msgstr ""
"каталог не вказано явним чином засобом надання даних домену."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -1085,7 +1186,7 @@ msgstr ""
"для параметра override_homedir."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -1095,25 +1196,25 @@ msgstr ""
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
"Типове значення: не встановлено (без замін для невстановлених домашніх "
"каталогів)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr "override_shell (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -1125,19 +1226,19 @@ msgstr ""
"або для кожного з доменів окремо."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
"Типове значення: не встановлено (SSSD використовуватиме значення, отримане "
"від LDAP)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr "allowed_shells (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -1145,13 +1246,13 @@ msgstr ""
"визначення оболонки є таким:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -1161,7 +1262,7 @@ msgstr ""
"shell_fallback."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -1170,14 +1271,14 @@ msgstr ""
"<quote>/etc/shells</quote>, буде використано оболонку nologin."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
"Для визначення будь-якої командної оболонки можна скористатися шаблоном "
"заміни (*)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1189,12 +1290,12 @@ msgstr ""
"справою."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr "Порожній рядок оболонки буде передано без обробки до libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -1203,29 +1304,29 @@ msgstr ""
"тобто у разі встановлення нової оболонки слід перезапустити SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
"Типове значення: не встановлено. Автоматично використовується оболонка "
"користувача."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "Замінити всі записи цих оболонок на shell_fallback"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr "shell_fallback (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -1233,17 +1334,17 @@ msgstr ""
"системі не встановлено."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "Типове значення: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
@@ -1253,7 +1354,7 @@ msgstr ""
"або на загальному рівні у розділі [nss], або окремо для кожного з доменів."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
@@ -1263,12 +1364,12 @@ msgstr ""
"зазвичай /bin/sh)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
@@ -1277,31 +1378,48 @@ msgstr ""
"чинним."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
+#, fuzzy
+#| msgid ""
+#| "Specifies time in seconds for which records in the in-memory cache will "
+#| "be valid"
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
"Визначає час у секундах, протягом якого список піддоменів вважатиметься "
"чинним."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Типове значення: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+#, fuzzy
+#| msgid ""
+#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+#| "applications will not use the fast in memory cache."
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+"Якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено значення «NO», "
+"клієнтські програми не використовуватимуть fast у кеші у пам’яті."
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr "user_attributes (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
#, fuzzy
#| msgid ""
#| "Some of the additional NSS responder requests can return more attributes "
@@ -1326,7 +1444,7 @@ msgstr ""
"manvolnum> </citerefentry>, щоб дізнатися більше), але без типових значень."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
@@ -1335,19 +1453,19 @@ msgstr ""
"на те, чи не встановлено його для відповідача NSS."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
"Типове значення: не встановлено, резервне значення визначається за "
"параметром InfoPipe"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr "Параметри налаштування PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1356,12 +1474,12 @@ msgstr ""
"Authentication Module (PAM або блокового модуля розпізнавання)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1371,17 +1489,17 @@ msgstr ""
"входу до системи)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Типове значення: 0 (без обмежень)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1390,12 +1508,12 @@ msgstr ""
"дозволену кількість спроб входу з визначенням помилкового пароля."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1405,7 +1523,7 @@ msgstr ""
"системи."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1417,17 +1535,17 @@ msgstr ""
"увімкнути можливість автономного розпізнавання."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Типове значення: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1436,43 +1554,43 @@ msgstr ""
"розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr "У поточній версії sssd передбачено підтримку таких значень:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Типове значення: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1483,7 +1601,7 @@ msgstr ""
"що розпізнавання виконується на основі найсвіжіших даних."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1497,18 +1615,18 @@ msgstr ""
"надання даних профілів."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
"Показати попередження за вказану кількість днів перед завершенням дії пароля."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1519,7 +1637,7 @@ msgstr ""
"попередження."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
@@ -1529,7 +1647,7 @@ msgstr ""
"буде автоматично показано."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
@@ -1537,36 +1655,39 @@ msgstr ""
"Цей параметр може бути перевизначено встановленням параметра "
"<emphasis>pwd_expiration_warning</emphasis> для окремого домену."
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Типове значення: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr "pam_trusted_users (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the InfoPipe responder. User names are resolved to UIDs "
+#| "at startup."
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
-"Визначає список значень UID або імен користувачів, відокремлених комами. \n"
-"Користувачам з цього списку буде дозволено доступ до відповідача PAM. UID "
-"за \n"
-"іменами користувачів визначатимуться під час запуску."
+"Визначає список значень UID або імен користувачів, відокремлених комами. "
+"Користувачам з цього списку буде дозволено доступ до відповідача InfoPipe. "
+"UID за іменами користувачів визначатимуться під час запуску."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+#, fuzzy
+#| msgid "Default: all (All users are allowed to access the PAM responder)"
+msgid "Default: All users are considered trusted by default"
msgstr ""
"Типове значення: all (Доступ до відповідача PAM отримують усі користувачі)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
@@ -1575,12 +1696,12 @@ msgstr ""
"відповідача PAM, навіть якщо користувача немає у списку pam_trusted_users."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr "pam_public_domains (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
@@ -1589,12 +1710,12 @@ msgstr ""
"отримувати навіть ненадійні користувачі."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr "Визначено два спеціальних значення параметра pam_public_domains:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
@@ -1602,7 +1723,7 @@ msgstr ""
"PAM.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
@@ -1610,52 +1731,131 @@ msgstr ""
"none (Ненадійним користувачам заборонено доступ до усіх доменів PAM у "
"відповідачі.)"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "Типове значення: none"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr "pam_account_expired_message (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
-"Якщо користувач проходить розпізнавання за допомогою ключів SSH, а строк дії "
-"облікового запису вичерпано, буде виведено типове повідомлення про заборону "
-"доступу («Permission denied»). Це повідомлення буде змінено на вміст "
-"змінної, якщо її значення буде встановлено."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
-#, no-wrap
+#: sssd.conf.5.xml:1064
+#, fuzzy, no-wrap
+#| msgid ""
+#| "pam_account_expired_message = Account expired, please call help desk.\n"
+#| " "
msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
"pam_account_expired_message = Account expired, please call help desk.\n"
" "
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+#, fuzzy
+#| msgid "pam_account_expired_message (string)"
+msgid "pam_account_locked_message (string)"
+msgstr "pam_account_expired_message (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, fuzzy, no-wrap
+#| msgid ""
+#| "pam_account_expired_message = Account expired, please call help desk.\n"
+#| " "
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
msgstr ""
"pam_account_expired_message = Account expired, please call help desk.\n"
" "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerate (булеве значення)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr "Типове значення: False"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "krb5_confd_path (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "krb5_confd_path (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "pam_id_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr "Параметри налаштування SUDO"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1673,12 +1873,12 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr "sudo_timed (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1687,22 +1887,22 @@ msgstr ""
"призначені для визначення часових обмежень для записів sudoers."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr "Параметри налаштування AUTOFS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr "Цими параметрами можна скористатися для налаштування служби autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1713,22 +1913,22 @@ msgstr ""
"базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr "Параметри налаштувань SSH"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr "Цими параметрами можна скористатися для налаштування служби SSH."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
@@ -1736,12 +1936,12 @@ msgstr ""
"Чи слід хешувати назви та адреси вузлів у керованому файлі known_hosts."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
@@ -1750,38 +1950,38 @@ msgstr ""
"файлі known_hosts після надсилання запиту щодо ключів вузла."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr "Типове значення: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "Типове значення: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr "Параметри налаштування відповідача PAC"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1800,7 +2000,7 @@ msgstr ""
"декодовано і визначено, виконуються деякі з таких дій:"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1818,7 +2018,7 @@ msgstr ""
"параметра default_shell."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
@@ -1827,18 +2027,18 @@ msgstr ""
"додано до цих груп."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
"Цими параметрами можна скористатися для налаштовування відповідача PAC."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1849,14 +2049,14 @@ msgstr ""
"іменами користувачів визначатимуться під час запуску."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
"Типове значення: 0 (доступ до відповідача PAC має лише адміністративний "
"користувач (root))"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1869,18 +2069,32 @@ msgstr ""
"бути типовим варіантом, вам слід додати до списку UID з правами доступу "
"запис 0."
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "РОЗДІЛИ ДОМЕНІВ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (ціле значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1889,7 +2103,7 @@ msgstr ""
"відповідає цим обмеженням, його буде проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1902,7 +2116,7 @@ msgstr ""
"основної групи і належать діапазону, буде виведено у звичайному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
@@ -1911,17 +2125,17 @@ msgstr ""
"лише повернення записів за назвою або ідентифікатором."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerate (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1930,22 +2144,22 @@ msgstr ""
"значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = користувачі і групи нумеруються"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = не використовувати нумерацію для цього домену"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Типове значення: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1964,7 +2178,7 @@ msgstr ""
"повторне визначення параметрів участі також іноді є складним завданням."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1974,7 +2188,7 @@ msgstr ""
"завершено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1988,7 +2202,7 @@ msgstr ""
"відповідного використаного засобу обробки ідентифікаторів (id_provider)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
@@ -1997,32 +2211,32 @@ msgstr ""
"об’ємних середовищах."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr "subdomain_enumerate (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr "all"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr "Усі виявлені надійні домени буде пронумеровано"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr "none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr "Нумерація виявлених надійних доменів не виконуватиметься"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2035,12 +2249,12 @@ msgstr ""
"доменів, для яких буде увімкнено нумерацію."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -2049,7 +2263,7 @@ msgstr ""
"надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2066,17 +2280,17 @@ msgstr ""
"<manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Типове значення: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -2085,19 +2299,19 @@ msgstr ""
"чинними, перш ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr "Типове значення: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -2106,12 +2320,12 @@ msgstr ""
"ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -2120,12 +2334,12 @@ msgstr ""
"чинними, перш ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -2134,12 +2348,12 @@ msgstr ""
"ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
@@ -2148,12 +2362,12 @@ msgstr ""
"надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
@@ -2162,12 +2376,12 @@ msgstr ""
"чинними, перш ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr "entry_cache_ssh_host_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
@@ -2177,12 +2391,12 @@ msgstr ""
"вузла у кеші."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr "refresh_expired_interval (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
@@ -2192,7 +2406,7 @@ msgstr ""
"вичерпано або майже вичерпано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
@@ -2200,42 +2414,42 @@ msgstr ""
"груп та мережевих груп у кеші."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
"Варто визначити для цього параметра значення 3/4 * entry_cache_timeout."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr "Типове значення: 0 (вимкнено)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr "cache_credentials (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Визначає, чи слід також кешувати реєстраційні дані користувача у локальному "
"кеші LDB"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у "
"форматі звичайного тексту"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr "cache_credentials_minimal_first_factor_length (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
#, fuzzy
#| msgid ""
#| "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
@@ -2252,7 +2466,7 @@ msgstr ""
"контрольної суми SHA512 у кеші."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
@@ -2262,17 +2476,17 @@ msgstr ""
"мішенню атак із перебиранням паролів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr "Типове значення: 8"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -2285,17 +2499,17 @@ msgstr ""
"offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Типове значення: 0 (без обмежень)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2308,17 +2522,17 @@ msgstr ""
"даних розпізнавання."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "Типове значення: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -2326,17 +2540,17 @@ msgstr ""
"Серед підтримуваних засобів такі:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "«proxy»: підтримка застарілого модуля надання даних NSS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr "<quote>local</quote>: вбудований засіб SSSD для локальних користувачів"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2347,8 +2561,8 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2361,8 +2575,8 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2374,12 +2588,12 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -2389,7 +2603,7 @@ msgstr ""
"NSS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2402,7 +2616,7 @@ msgstr ""
"не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2413,22 +2627,22 @@ msgstr ""
"груп, якщо задано неповну назву, буде виконано пошук у всіх доменах."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr "Типове значення: FALSE (TRUE, якщо використано default_domain_suffix)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr "Не повертати записи учасників груп для пошуків груп."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2447,7 +2661,7 @@ msgstr ""
"$groupname</quote> поверне запитану групу так, наче вона була порожня."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2458,12 +2672,12 @@ msgstr ""
"учасників."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -2472,7 +2686,7 @@ msgstr ""
"служб розпізнавання:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2484,7 +2698,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2496,18 +2710,18 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> — вимкнути розпізнавання повністю."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2516,12 +2730,12 @@ msgstr ""
"спосіб встановлено і можлива обробка запитів щодо розпізнавання."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2532,7 +2746,7 @@ msgstr ""
"Вбудованими програмами є:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -2541,12 +2755,12 @@ msgstr ""
"доступу для локального домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> — завжди забороняти доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2559,17 +2773,43 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+#, fuzzy
+#| msgid ""
+#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring Kerberos."
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"<quote>krb5</quote> — вбудоване розпізнавання Kerberos. Докладніші відомості "
+"щодо налаштовування Kerberos викладено у довіднику з <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum></manvolnum> </"
+"citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+#, fuzzy
+#| msgid ""
+#| "<quote>proxy</quote> for relaying password changes to some other PAM "
+#| "target."
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "Типове значення: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr "chpass_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2578,7 +2818,7 @@ msgstr ""
"підтримку таких систем зміни паролів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2590,7 +2830,7 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2602,18 +2842,18 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2622,19 +2862,19 @@ msgstr ""
"цього параметра і якщо система здатна обробляти запити щодо паролів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr "sudo_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"Служба SUDO, яку використано для цього домену. Серед підтримуваних служб "
"SUDO:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2646,7 +2886,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
@@ -2655,7 +2895,7 @@ msgstr ""
"параметрами IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
@@ -2664,20 +2904,20 @@ msgstr ""
"параметрами AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote> явним чином вимикає SUDO."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Типове значення: використовується значення <quote>id_provider</quote>, якщо "
"його встановлено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2696,12 +2936,12 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr "selinux_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2712,7 +2952,7 @@ msgstr ""
"доступу. Передбачено підтримку таких засобів надання даних SELinux:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2724,14 +2964,14 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
"<quote>none</quote> явним чином забороняє отримання даних щодо параметрів "
"SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
@@ -2740,12 +2980,12 @@ msgstr ""
"спосіб встановлено і можлива обробка запитів щодо завантаження SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
@@ -2755,7 +2995,7 @@ msgstr ""
"підтримку таких засобів надання даних піддоменів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2767,7 +3007,7 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2780,17 +3020,17 @@ msgstr ""
"налаштовування засобу надання даних AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr "<quote>none</quote> забороняє ячним чином отримання даних піддоменів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr "autofs_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2798,7 +3038,7 @@ msgstr ""
"autofs:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2810,7 +3050,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2822,17 +3062,34 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+"<quote>ipa</quote> — завантажити карти, що зберігається на сервері IPA. "
+"Докладніші відомості щодо налаштовування IPA викладено у довіднику з "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "<quote>none</quote> вимикає autofs повністю."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr "hostid_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2841,7 +3098,7 @@ msgstr ""
"вузла. Серед підтримуваних засобів надання hostid:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2853,12 +3110,12 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "<quote>none</quote> вимикає hostid повністю."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2872,7 +3129,7 @@ msgstr ""
"IPA та доменів Active Directory, простій назві (NetBIOS) домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2885,22 +3142,22 @@ msgstr ""
"різні стилі запису імен користувачів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr "користувач"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr "користувач@назва.домену"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr "домен\\користувач"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
@@ -2909,7 +3166,7 @@ msgstr ""
"того, щоб полегшити інтеграцію користувачів з доменів Windows."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2920,7 +3177,7 @@ msgstr ""
"домену — все після цього символу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2932,7 +3189,7 @@ msgstr ""
"платформах з версією libpcre 7."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2942,17 +3199,17 @@ msgstr ""
"підшаблонів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Типове значення: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2961,48 +3218,48 @@ msgstr ""
"під час виконання пошуків у DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "Передбачено підтримку таких значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі "
"спробувати формат IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі "
"спробувати формат IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "Типове значення: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -3013,18 +3270,18 @@ msgstr ""
"очікування буде перевищено, домен продовжуватиме роботу у автономному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Типове значення: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -3033,54 +3290,54 @@ msgstr ""
"частину запиту визначення служб DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Типова поведінка: використовувати назву домену з назви вузла комп’ютера."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr "override_gid (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr "Замірити значення основного GID на вказане."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr "case_sensitive (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr "True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
"Враховується регістр. Це значення є некоректним для засобу надання даних AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr "False"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr "Без врахування регістру."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr "Preserving"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -3092,7 +3349,7 @@ msgstr ""
"буде переведено у нижній регістр."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -3103,47 +3360,93 @@ msgstr ""
"значення параметра: <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr "Типове значення: True (False для засобу надання даних AD)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
-msgstr "proxy_fast_alias (булеве значення)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr "subdomain_inherit (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
msgstr ""
-"Під час пошуку запису користувача чи групи за назвою у системі надання даних "
-"переадресації виконується вторинний пошук за ідентифікатором з метою "
-"визначення «канонічної» форми назви, якщо результат знайдено за "
-"альтернативною назвою (псевдонімом). Встановлення для цього параметра "
-"значення «true» призведе до того, що SSSD виконуватиме пошук ідентифікатора "
-"у кеші, щоб пришвидшити надання результатів."
+"Визначає список параметрів налаштування, які слід успадковувати для "
+"піддомену. Будь ласка, зауважте, що успадковуватимуться лише вказані "
+"параметри. У поточній версії передбачено можливість успадковування таких "
+"параметрів:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr "ignore_group_members"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr "ldap_purge_cache_timeout"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr "ldap_use_tokengroups"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr "ldap_user_principal"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr "Приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+#, fuzzy
+#| msgid "This option is not available in IPA provider."
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr "Цим параметром не можна скористатися у надавачі даних IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr "%F"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr "спрощена (NetBIOS) назва піддомену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -3158,7 +3461,7 @@ msgstr ""
"emphasis>. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
@@ -3166,17 +3469,17 @@ msgstr ""
"emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "Типове значення: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr "realmd_tags (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
@@ -3184,14 +3487,14 @@ msgstr ""
"домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "memcache_timeout (int)"
msgid "cached_auth_timeout (int)"
msgstr "memcache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -3199,12 +3502,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3212,7 +3515,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3223,17 +3526,17 @@ msgstr ""
"quote> <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr "Комп’ютер, для якого виконує проксі-сервер PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -3242,12 +3545,12 @@ msgstr ""
"налаштуваннями pam або створити нові і тут додати назву служби."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3257,8 +3560,28 @@ msgstr ""
"NSS шукаються у бібліотеці у форматі _nss_$(назва_бібліотеки)_$(функція), "
"наприклад _nss_files_getpwent."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (булеве значення)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+"Під час пошуку запису користувача чи групи за назвою у системі надання даних "
+"переадресації виконується вторинний пошук за ідентифікатором з метою "
+"визначення «канонічної» форми назви, якщо результат знайдено за "
+"альтернативною назвою (псевдонімом). Встановлення для цього параметра "
+"значення «true» призведе до того, що SSSD виконуватиме пошук ідентифікатора "
+"у кеші, щоб пришвидшити надання результатів."
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -3267,12 +3590,12 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr "Розділ локального домену"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -3283,29 +3606,29 @@ msgstr ""
"використовує <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"Типова оболонка для записів користувачів, створених за допомогою "
"інструментів простору користувачів SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Типове значення: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -3314,17 +3637,17 @@ msgstr ""
"replaceable> і використовують отриману адресу як адресу домашнього каталогу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "Типове значення: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -3333,17 +3656,17 @@ msgstr ""
"Може бути перевизначено з командного рядка."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Типове значення: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (булівське значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -3352,12 +3675,12 @@ msgstr ""
"користувачів. Може бути перевизначено з командного рядка."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3368,17 +3691,17 @@ msgstr ""
"до щойно створеного домашнього каталогу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Типове значення: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -3391,17 +3714,17 @@ msgstr ""
"<manvolnum>8</manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Типове значення: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -3412,17 +3735,17 @@ msgstr ""
"каталог не вказано, буде використано типове значення."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Типове значення: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -3433,19 +3756,19 @@ msgstr ""
"вилучається. Код виконання, повернутий програмою не обробляється."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "Типове значення: None, не виконувати жодних команд"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "ПРИКЛАД"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3499,7 +3822,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -3563,7 +3886,7 @@ msgstr ""
"більше про використання LDAP, як засобу керування доступом."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "ПАРАМЕТРИ НАЛАШТУВАННЯ"
@@ -3683,8 +4006,8 @@ msgstr ""
"специфікації http://www.ietf.org/rfc/rfc2254.txt"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "Приклади:"
@@ -4008,7 +4331,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -4017,7 +4340,7 @@ msgstr ""
"об’єкта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "Типове значення: modifyTimestamp"
@@ -4484,8 +4807,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "Атрибут LDAP, що відповідає повному імені користувача."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "Типове значення: cn"
@@ -4717,11 +5040,34 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_member (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_member (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+#, fuzzy
+#| msgid "Default: groupType in the AD provider, othewise not set"
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+"Типове значення: groupType у засобі надання даних AD, у інших засобах не "
+"встановлено"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4733,7 +5079,7 @@ msgstr ""
"параметра буде проігноровано, якщо використано схему RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4749,12 +5095,19 @@ msgstr ""
"початкового пошуку, якщо запити щодо пошуку надходять повторно."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
+#, fuzzy
+#| msgid ""
+#| "If ldap_group_nesting_level is set to 0 then no nested groups are "
+#| "processed at all. However, when connected to Active-Directory Server 2008 "
+#| "and later it is furthermore required to disable usage of Token-Groups by "
+#| "setting ldap_use_tokengroups to false."
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
"Якщо значенням ldap_group_nesting_level є 0, вкладені групи взагалі не "
"оброблятимуться. Втім, якщо з’єднання встановлено з Active-Directory Server "
@@ -4763,17 +5116,17 @@ msgstr ""
"ldap_use_tokengroups значення false."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "Типове значення: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4785,7 +5138,7 @@ msgstr ""
"високим рівнем вкладеності."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
@@ -4794,7 +5147,7 @@ msgstr ""
"можна буде спостерігати лише у дуже складних випадках вкладеності груп."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4805,7 +5158,7 @@ msgstr ""
"можливості. Отже, насправді значення «True» означає «визначити автоматично»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4817,19 +5170,13 @@ msgstr ""
"можна дізнатися з <ulink url=\"http://msdn.microsoft.com/en-us/library/"
"windows/desktop/aa746475%28v=vs.85%29.aspx\">документації MSDN(TM)</ulink>."
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr "Типове значення: False"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4842,7 +5189,7 @@ msgstr ""
"вкладеності."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
@@ -4852,115 +5199,115 @@ msgstr ""
"Directory Server 2008 та новіших версій."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr "Типове значення: True для AD і IPA, інакше False."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr "Клас об’єктів запису мережевої групи (netgroup) у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_object_class."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr "Типове значення: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "Атрибут LDAP, що відповідає назві мережевої групи (netgroup)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_name."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
"Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_member."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr "Типове значення: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
"Атрибут LDAP, що містить трійки мережевої групи (вузол, користувач, домен)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr "Цим параметром не можна скористатися у надавачі даних IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "Типове значення: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr "Клас об’єктів запису служби у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr "Типове значення: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -4968,48 +5315,48 @@ msgstr ""
"Атрибут LDAP, що містить назву атрибутів служби та замінників цих атрибутів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "Атрибут LDAP, що містить номер порту, яким керує ця служба."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr "Типове значення: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr "Атрибут LDAP, що містить протоколи, за яким може працювати ця служба."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr "Типове значення: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -5020,7 +5367,7 @@ msgstr ""
"автономного режиму роботи)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -5031,12 +5378,12 @@ msgstr ""
"окремих типів пошуків."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -5047,12 +5394,12 @@ msgstr ""
"кешованих даних (і переходом до автономного режиму роботи)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -5069,12 +5416,12 @@ msgstr ""
"citerefentry> повертається до стану бездіяльності."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -5088,12 +5435,12 @@ msgstr ""
"розширеної операції зі зміни пароля та дії StartTLS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (ціле значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -5107,17 +5454,17 @@ msgstr ""
"дії TGT)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr "Типове значення: 900 (15 хвилин)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -5127,17 +5474,17 @@ msgstr ""
"один запит."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr "Типове значення: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -5148,7 +5495,7 @@ msgstr ""
"RootDSE, але цю підтримку не увімкнено або вона не працює належним чином."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -5158,7 +5505,7 @@ msgstr ""
"підтримкою не можна скористатися."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -5169,17 +5516,17 @@ msgstr ""
"це може призвести до відмови у виконанні запитів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr "ldap_disable_range_retrieval (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr "Вимкнути отримання діапазону Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5195,12 +5542,12 @@ msgstr ""
"буде представлено як такі, у яких немає учасників."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (ціле значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -5211,19 +5558,19 @@ msgstr ""
"параметра визначається OpenLDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
"Типове значення: типове для системи значення (зазвичай, визначається у ldap."
"conf)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5235,7 +5582,7 @@ msgstr ""
"виконуватиметься окремо."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -5243,7 +5590,7 @@ msgstr ""
"(розіменуванням), якщо вкажете значення 0."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -5256,7 +5603,7 @@ msgstr ""
"OpenLDAP та Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -5267,12 +5614,12 @@ msgstr ""
"незалежно від використання цього параметра."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -5282,7 +5629,7 @@ msgstr ""
"таких значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -5291,7 +5638,7 @@ msgstr ""
"жодних сертифікатів сервера."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5303,7 +5650,7 @@ msgstr ""
"режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5314,7 +5661,7 @@ msgstr ""
"надано помилковий сертифікат, негайно перервати сеанс."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -5325,22 +5672,22 @@ msgstr ""
"перервати сеанс."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "Типове значення: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -5349,7 +5696,7 @@ msgstr ""
"розпізнаються <command>sssd</command>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -5358,12 +5705,12 @@ msgstr ""
"у <filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -5376,32 +5723,32 @@ msgstr ""
"<command>cacertdir_rehash</command>, якщо ця програма є доступною."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "Визначає файл, який містить сертифікат для ключа клієнта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr "Визначає файл, у якому міститься ключ клієнта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5413,12 +5760,12 @@ msgstr ""
"<manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -5427,12 +5774,12 @@ msgstr ""
"class=\"protocol\">tls</systemitem> для захисту каналу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5444,19 +5791,19 @@ msgstr ""
"ldap_group_gid_number."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"У поточній версії у цій можливості передбачено підтримку лише встановлення "
"відповідності objectSID у ActiveDirectory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr "ldap_min_id, ldap_max_id (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -5476,18 +5823,18 @@ msgstr ""
"ідентифікаторів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
"Типове значення: не встановлено (обидва параметри встановлено у значення 0)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -5496,12 +5843,12 @@ msgstr ""
"перевірено і підтримується лише механізм GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -5516,17 +5863,17 @@ msgstr ""
"myhost)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -5538,17 +5885,17 @@ msgstr ""
"проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr "Типове значення: значення krb5_realm."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -5558,34 +5905,34 @@ msgstr ""
"SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "Типове значення: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -5596,27 +5943,27 @@ msgstr ""
"механізм GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Типове значення: 86400 (24 години)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5635,7 +5982,7 @@ msgstr ""
"про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5647,7 +5994,7 @@ msgstr ""
"вдасться знайти."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -5658,29 +6005,29 @@ msgstr ""
"варто перейти на використання «krb5_server» у файлах налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -5690,12 +6037,12 @@ msgstr ""
"версії MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr "krb5_use_kdcinfo (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5710,7 +6057,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5721,12 +6068,12 @@ msgstr ""
"manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -5735,7 +6082,7 @@ msgstr ""
"використовувати такі значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -5744,7 +6091,7 @@ msgstr ""
"разі використання цього варіанта перевірку на боці сервера вимкнено не буде."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5755,7 +6102,7 @@ msgstr ""
"manvolnum></citerefentry> для визначення того, чи чинним є пароль."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5766,7 +6113,7 @@ msgstr ""
"скористайтеся chpass_provider=krb5 для оновлення цих атрибутів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
@@ -5776,18 +6123,18 @@ msgstr ""
"встановленими за допомогою цього параметра."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
"Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -5796,7 +6143,7 @@ msgstr ""
"з версією OpenLDAP 2.4.13 або новішою версією."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5810,28 +6157,28 @@ msgstr ""
"«false» може значно пришвидшити роботу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Визначає назву служби, яку буде використано у разі вмикання визначення служб."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "Типове значення: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -5840,17 +6187,17 @@ msgstr ""
"уможливлює зміну паролів, у разі вмикання визначення служб."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
@@ -5859,12 +6206,12 @@ msgstr ""
"щодо кількості днів з часу виконання дії зі зміни пароля."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5893,12 +6240,12 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "Приклад:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5910,7 +6257,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
@@ -5919,7 +6266,7 @@ msgstr ""
"employeeType встановлено у значення «admin»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5933,17 +6280,17 @@ msgstr ""
"таких прав не було надано, у автономному режимі їх також не буде надано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr "Типове значення: порожній рядок"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5952,7 +6299,7 @@ msgstr ""
"керування доступом на боці клієнта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5963,12 +6310,12 @@ msgstr ""
"з відповідним кодом помилки, навіть якщо вказано правильний пароль."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "Можна використовувати такі значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5977,7 +6324,7 @@ msgstr ""
"визначити, чи завершено строк дії облікового запису."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5990,7 +6337,7 @@ msgstr ""
"Також буде перевірено, чи не вичерпано строк дії облікового запису."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6001,7 +6348,7 @@ msgstr ""
"ldap_ns_account_lock."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6014,7 +6361,7 @@ msgstr ""
"атрибутів, надати доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -6025,24 +6372,24 @@ msgstr ""
"користуватися параметром ldap_account_expire_policy."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Список відокремлених комами параметрів керування доступом. Можливі значення "
"списку:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6057,7 +6404,7 @@ msgstr ""
"для працездатності цієї можливості слід встановити «access_provider = ldap»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
@@ -6067,7 +6414,7 @@ msgstr ""
"emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6090,13 +6437,13 @@ msgstr ""
"параметра слід встановити значення «access_provider = ldap»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
"<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6111,7 +6458,7 @@ msgstr ""
"наприклад на ключах SSH."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -6126,7 +6473,7 @@ msgstr ""
"негайно змінити пароль."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
@@ -6134,7 +6481,7 @@ msgstr ""
"від SSSD не надходитиме."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
@@ -6144,7 +6491,7 @@ msgstr ""
"параметра «ldap_pwd_policy» відповідні правила поводження із паролями."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -6153,19 +6500,19 @@ msgstr ""
"можливості доступу атрибут authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити "
"права доступу"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Типове значення: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -6174,12 +6521,12 @@ msgstr ""
"використано декілька разів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr "ldap_pwdlockout_dn (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -6193,22 +6540,22 @@ msgstr ""
"можна буде перевірити належним чином."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr "Приклад: cn=ppolicy,ou=policies,dc=example,dc=com"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr "Типове значення: cn=ppolicy,ou=policies,$ldap_search_base"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -6217,13 +6564,13 @@ msgstr ""
"пошуку. Можливі такі варіанти:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
"<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -6233,7 +6580,7 @@ msgstr ""
"пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -6242,7 +6589,7 @@ msgstr ""
"під час визначення місця основного об’єкта пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -6251,7 +6598,7 @@ msgstr ""
"час пошуку, так і під час визначення місця основного об’єкта пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -6260,12 +6607,12 @@ msgstr ""
"сценарієм <emphasis>never</emphasis>)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
@@ -6274,7 +6621,7 @@ msgstr ""
"серверів, у яких використовується схема RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -6292,7 +6639,7 @@ msgstr ""
"користувачів за допомогою виклику getpw*() або initgroups()."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -6304,26 +6651,26 @@ msgstr ""
"групами LDAP."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -6343,12 +6690,12 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr "ПАРАМЕТРИ SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -6359,52 +6706,52 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr "Клас об’єктів запису правила sudo у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr "Типове значення: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "Атрибут LDAP, що відповідає назві правила sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr "Атрибут LDAP, що відповідає назві команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr "Типове значення: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -6413,17 +6760,17 @@ msgstr ""
"вузла, мережевій групі вузла)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr "Типове значення: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -6432,32 +6779,32 @@ msgstr ""
"або назві мережевої групи користувача)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr "Типове значення: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "Атрибут LDAP, що відповідає параметрам sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr "Типове значення: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -6466,17 +6813,17 @@ msgstr ""
"команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr "Типове значення: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -6485,17 +6832,17 @@ msgstr ""
"виконувати команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr "Типове значення: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -6503,49 +6850,49 @@ msgstr ""
"Атрибут LDAP, що відповідає даті і часу набуття чинності правилом sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr "Типове значення: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr "Атрибут LDAP, що відповідає даті і часу втрати чинності правилом sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr "Типове значення: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "Атрибут LDAP, що відповідає порядковому номеру правила."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr "Типове значення: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
@@ -6555,7 +6902,7 @@ msgstr ""
"набір правил, що зберігаються на сервері."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -6564,17 +6911,17 @@ msgstr ""
"<emphasis>ldap_sudo_smart_refresh_interval </emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr "Типове значення: 21600 (6 годин)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -6585,7 +6932,7 @@ msgstr ""
"правил, USN яких перевищує найбільше значення USN у кешованих правилах."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
@@ -6594,12 +6941,12 @@ msgstr ""
"дані атрибута modifyTimestamp."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -6609,12 +6956,12 @@ msgstr ""
"назв вузлів)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -6623,7 +6970,7 @@ msgstr ""
"фільтрування списку правил."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
@@ -6632,8 +6979,8 @@ msgstr ""
"назву вузла та повну назву комп’ютера у домені у автоматичному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -6642,17 +6989,17 @@ msgstr ""
"<emphasis>false</emphasis>, цей параметр ні на що не впливатиме."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr "Типове значення: не вказано"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -6661,7 +7008,7 @@ msgstr ""
"правил."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -6670,12 +7017,12 @@ msgstr ""
"адресу у автоматичному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "ldap_sudo_include_netgroups (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
@@ -6684,12 +7031,12 @@ msgstr ""
"мережеву групу (netgroup) у атрибуті sudoHost."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
@@ -6698,7 +7045,7 @@ msgstr ""
"заміни у атрибуті sudoHost."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6711,71 +7058,71 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr "ПАРАМЕТРИ AUTOFS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr "ldap_autofs_map_master_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr "Назва основної карти автоматичного монтування у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr "Типове значення: auto.master"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr "Клас об’єктів запису карти автоматичного монтування у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr "Типове значення: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr "Назва запису карти автоматичного монтування у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
#, fuzzy
#| msgid ""
#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
@@ -6788,19 +7135,19 @@ msgstr ""
"точні монтування."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: automountMap"
msgid "Default: automount"
msgstr "Типове значення: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -6809,24 +7156,24 @@ msgstr ""
"точні монтування."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr "Типове значення: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6839,32 +7186,32 @@ msgstr ""
"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "ДОДАТКОВІ ПАРАМЕТРИ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr "<note>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -6877,22 +7224,22 @@ msgstr ""
"показуються неправильно."
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr "</note>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -6905,7 +7252,7 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"1\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6916,7 +7263,7 @@ msgstr ""
"<replaceable>[domains]</replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6936,19 +7283,19 @@ msgstr ""
"cache_credentials = true\n"
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr "ПРИКЛАД ФІЛЬТРА ДОСТУПУ LDAP"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
@@ -6957,7 +7304,7 @@ msgstr ""
"чином і використано ldap_access_order=lockout."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6983,13 +7330,13 @@ msgstr ""
"cache_credentials = true\n"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "ЗАУВАЖЕННЯ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7022,6 +7369,17 @@ msgstr "модуль PAM для SSSD"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:24
+#, fuzzy
+#| msgid ""
+#| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> "
+#| "</arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> "
+#| "</arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>domains=X</"
+#| "replaceable> </arg>"
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
@@ -7030,7 +7388,8 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
@@ -7042,7 +7401,7 @@ msgstr ""
"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -7053,22 +7412,22 @@ msgstr ""
"<command>syslog(3)</command> до запису LOG_AUTHPRIV."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr "Не показувати у журналі повідомлень для невідомих користувачів."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -7077,12 +7436,12 @@ msgstr ""
"буде збережено у стосі паролів для використання іншими модулями PAM."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -7094,12 +7453,12 @@ msgstr ""
"непридатним, доступ користувачеві буде заборонено."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -7109,12 +7468,12 @@ msgstr ""
"стосу модулів."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -7123,7 +7482,7 @@ msgstr ""
"раз розпізнавання зазнає невдачі. Типовим значенням є 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -7135,12 +7494,12 @@ msgstr ""
"<option>PasswordAuthentication</option>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr "<option>ignore_unknown_user</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
@@ -7149,12 +7508,12 @@ msgstr ""
"PAM_IGNORE. Це призводить до ігнорування цього модуля оболонкою PAM."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr "<option>ignore_authinfo_unavail</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
@@ -7164,12 +7523,12 @@ msgstr ""
"PAM ігнорує цей модуль."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr "<option>domains</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -7180,7 +7539,7 @@ msgstr ""
"доменів SSSD, відокремлених комами, так, як їх вказано у файлі sssd.conf."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -7194,13 +7553,46 @@ msgstr ""
"manvolnum> </citerefentry>, щоб дізнатися більше про ці два параметри "
"відповідача PAM."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>domains</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>domains</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr "ПЕРЕДБАЧЕНІ ТИПИ МОДУЛІВ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -7209,12 +7601,12 @@ msgstr ""
"option>, <option>password</option> і <option>session</option>)."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "ФАЙЛИ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -7226,7 +7618,7 @@ msgstr ""
"повідомленні, наприклад, можуть міститися настанови щодо скидання пароля."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -7246,7 +7638,7 @@ msgstr ""
"іншим користувачам може бути надано лише право читання файлів."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -7457,7 +7849,7 @@ msgstr ""
"обробляються."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7665,18 +8057,25 @@ msgstr ""
"цього вузла."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:119
+#, fuzzy
+#| msgid ""
+#| "Optional. This option tells SSSD to automatically update the DNS server "
+#| "built into FreeIPA v2 with the IP address of this client. The update is "
+#| "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
+#| "for the updates, if it is not otherwise specified by using the "
+#| "<quote>dyndns_iface</quote> option."
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
"Необов’язковий. За допомогою цього параметра можна наказати SSSD автоматично "
"оновити на сервері DNS, вбудованому до FreeIPA v2, IP-адресу клієнта. Захист "
@@ -7685,7 +8084,7 @@ msgstr ""
"допомогою параметра «dyndns_iface»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -7706,12 +8105,12 @@ msgstr ""
"назву, <emphasis>dyndns_update</emphasis>, у файлі налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -7738,12 +8137,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Типове значення: 1200 (секунд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
#, fuzzy
#| msgid ""
#| "Optional. Applicable only when dyndns_update is true. Choose the "
@@ -7779,7 +8178,7 @@ msgid ""
msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -7789,7 +8188,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr "Вмикає сайти DNS — визначення служб на основі адрес."
@@ -7814,12 +8213,12 @@ msgstr ""
"вважатимуться резервними серверами."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -7831,12 +8230,12 @@ msgstr ""
"є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -7860,12 +8259,12 @@ msgid "Default: False (disabled)"
msgstr "Типове значення: False (вимкнено)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -7874,40 +8273,40 @@ msgstr ""
"даними з сервером DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
#| msgid "dyndns_iface (string)"
msgid "dyndns_server (string)"
msgstr "dyndns_iface (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
#, fuzzy
#| msgid "Default: False (let nsupdate choose the protocol)"
msgid "Default: None (let nsupdate choose the server)"
@@ -8034,7 +8433,7 @@ msgstr ""
"Перевірити за допомогою krb5_keytab, чи не було підмінено отриманий TGT."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -8129,12 +8528,12 @@ msgstr ""
"налаштуваннях."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr "krb5_confd_path (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
@@ -8143,7 +8542,7 @@ msgstr ""
"налаштувань Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
@@ -8152,7 +8551,7 @@ msgstr ""
"значення «none»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -8176,7 +8575,7 @@ msgstr ""
"короткого періоду часу надходить багато запитів щодо керування доступом."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr "Типове значення: 5 (секунд)"
@@ -8526,17 +8925,23 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
+#, fuzzy
+#| msgid ""
+#| "The AD provider is able to provide identity information and "
+#| "authentication for entities from trusted domains as well. Currently only "
+#| "trusted domains in the same forest are recognized."
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
"Модуль надання даних AD може надавати дані щодо ідентифікації та "
"розпізнавання і для записів з надійних доменів. У поточній версії "
"розпізнаються лише надійні домени з одного лісу."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -8552,11 +8957,16 @@ msgstr ""
"описаними нижче."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "The AD provider can also be used as an access, chpass and sudo provider. "
+#| "No configuration of the access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
"Потреби у встановленні або використанні цих параметрів виникнути не повинно. "
"Інструментом надання даних AD також можна скористатися для перевірки прав "
@@ -8564,7 +8974,7 @@ msgstr ""
"доступом на боці клієнта немає потреби."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -8574,7 +8984,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -8596,7 +9006,7 @@ msgstr ""
"загальному каталозі (Global Catalog)."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -8607,12 +9017,12 @@ msgstr ""
"для забезпечення сумісності з реалізацією Active Directory у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr "ad_domain (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -8621,7 +9031,7 @@ msgstr ""
"буде використано назву домену з налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -8630,7 +9040,7 @@ msgstr ""
"малими літерами повної версії назви домену Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
@@ -8639,18 +9049,23 @@ msgstr ""
"автоматично визначається засобами SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
+#, fuzzy
+#| msgid ""
+#| "The comma-separated list of hostnames of the AD servers to which SSSD "
+#| "should connect in order of preference. For more information on failover "
+#| "and server redundancy, see the <quote>FAILOVER</quote> section. This is "
+#| "optional if autodiscovery is enabled. For more information on service "
+#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
"Впорядкований за пріоритетом список назв вузлів, відокремлених комами, "
"серверів AD, з якими має встановити з’єднання SSSD. Докладніші відомості "
@@ -8659,13 +9074,27 @@ msgstr ""
"відомості щодо автоматичного виявлення служб наведено у розділі «ПОШУК "
"СЛУЖБ»."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr "ad_hostname (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -8676,7 +9105,7 @@ msgstr ""
"розпізнавання цього вузла."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -8686,12 +9115,12 @@ msgstr ""
"вузла, для якого випущено таблицю ключів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr "ad_enable_dns_sites (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -8709,12 +9138,12 @@ msgstr ""
"сайтів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr "ad_access_filter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -8727,7 +9156,7 @@ msgstr ""
"значення «ad», щоб цей параметр почав діяти."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -8740,7 +9169,7 @@ msgstr ""
"«FOREST» або ключове слово слід пропустити."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -8753,7 +9182,7 @@ msgstr ""
"вказаного значенням «НАЗВА»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
@@ -8762,7 +9191,7 @@ msgstr ""
"визначення фільтрів у базах для пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -8776,7 +9205,7 @@ msgstr ""
"специфікацією, використовуватиметься лише перший з них."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -8800,17 +9229,17 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr "Типове значення: не встановлено"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr "ad_site (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
@@ -8819,12 +9248,12 @@ msgstr ""
"вказано, виконуватиметься спроба автоматичного визначення сайта AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr "ad_enable_gc (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -8838,7 +9267,7 @@ msgstr ""
"SSSD встановлюватиме зв’язок лише з портом LDAP поточного сервера AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -8853,12 +9282,12 @@ msgstr ""
"групах для різних доменів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr "ad_gpo_access_control (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -8873,7 +9302,7 @@ msgstr ""
"«access_provider» значення «ad»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
@@ -8883,7 +9312,7 @@ msgstr ""
"користувач увійти до системи певного вузла мережі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -8906,12 +9335,12 @@ msgstr ""
"режиму (enforcing)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr "У цього параметра є три підтримуваних значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
@@ -8919,14 +9348,14 @@ msgstr ""
"використовуються примусово."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
"enforcing: правила керування доступом, засновані на GPO, обробляються і "
"використовуються примусово."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -8939,22 +9368,22 @@ msgstr ""
"enforcing."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr "Типове значення: permissive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr "Типове значення: enforcing"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr "ad_gpo_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -8965,12 +9394,12 @@ msgstr ""
"короткого періоду часу надходить багато запитів щодо керування доступом."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr "ad_gpo_map_interactive (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -8981,7 +9410,7 @@ msgstr ""
"InteractiveLogonRight і DenyInteractiveLogonRight."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
@@ -8991,7 +9420,7 @@ msgstr ""
"вхід» («Deny log on locally»)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9001,7 +9430,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9020,54 +9449,81 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
"Типове значення: типовий набір назв служб PAM складається з таких значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr "login"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr "su"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr "su-l"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr "gdm-fingerprint"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr "gdm-password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr "gdm-smartcard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr "kdm"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+#, fuzzy
+#| msgid "kdm"
+msgid "xdm"
+msgstr "kdm"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr "ad_gpo_map_remote_interactive (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9078,7 +9534,7 @@ msgstr ""
"DenyRemoteInteractiveLogonRight."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9090,7 +9546,7 @@ msgstr ""
"служб віддаленої стільниці» («Deny log on through Remote Desktop Services»)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9100,7 +9556,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9119,17 +9575,22 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr "sshd"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr "ad_gpo_map_network (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -9140,7 +9601,7 @@ msgstr ""
"DenyNetworkLogonRight."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -9152,7 +9613,7 @@ msgstr ""
"мережі» (Deny access to this computer from the network»)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9162,7 +9623,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9181,22 +9642,22 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr "ftp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr "samba"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr "ad_gpo_map_batch (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9207,7 +9668,7 @@ msgstr ""
"DenyBatchLogonRight."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
@@ -9217,7 +9678,7 @@ msgstr ""
"job») і «Заборонити вхід як пакетне завдання» («Deny log on as a batch job»)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9227,7 +9688,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9246,17 +9707,17 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr "crond"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr "ad_gpo_map_service (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -9267,7 +9728,7 @@ msgstr ""
"DenyServiceLogonRight."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
@@ -9277,7 +9738,7 @@ msgstr ""
"«Заборонити вхід як службу» («Deny log on as a service»)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -9287,7 +9748,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -9304,12 +9765,12 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr "ad_gpo_map_permit (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
@@ -9318,7 +9779,7 @@ msgstr ""
"основі GPO, незалежно від будь-яких прав входу GPO."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9328,7 +9789,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9347,27 +9808,32 @@ msgstr ""
"type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr "sudo"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr "sudo-i"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr "systemd-user"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr "ad_gpo_map_deny (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
@@ -9376,7 +9842,7 @@ msgstr ""
"на основі GPO, незалежно від будь-яких прав входу GPO."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -9386,12 +9852,12 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr "ad_gpo_default_right (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9413,52 +9879,96 @@ msgstr ""
"забороняла доступ для непов’язаних назв служб PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr "Передбачені значення для цього параметра:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr "interactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr "remote_interactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr "network"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr "batch"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr "service"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr "permit"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr "deny"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr "Типове значення: deny"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Типове значення: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+#, fuzzy
+#| msgid "pam_account_expired_message (string)"
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr "pam_account_expired_message (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Типове значення: 86400 (24 години)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -9475,12 +9985,12 @@ msgstr ""
"якщо цю адресу не було змінено за допомогою параметра «dyndns_iface»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr "Типове значення: 3600 (секунд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
#, fuzzy
#| msgid "Default: Use the IP address of the AD LDAP connection"
msgid ""
@@ -9489,17 +9999,17 @@ msgid ""
msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP AD"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Типове значення: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -9509,7 +10019,7 @@ msgstr ""
"реєстраційні дані."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9520,7 +10030,7 @@ msgstr ""
"У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -9544,7 +10054,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -9556,7 +10066,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -9568,7 +10078,7 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -9582,6 +10092,14 @@ msgstr ""
"встановлювати усі параметри з’єднання (зокрема адреси LDAP та параметри "
"шифрування) вручну."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -10184,7 +10702,7 @@ msgstr ""
"Пароль для заплутування буде прочитано зі стандартного джерела вхідних даних."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -10258,17 +10776,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -10276,23 +10799,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
@@ -10300,29 +10826,65 @@ msgstr ""
"<option>--delattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>ДОМЕН</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:107
+#, fuzzy
+#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+"<option>--setattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -10330,29 +10892,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -10360,14 +10922,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-#, fuzzy
-#| msgid "print properties of a group"
-msgid "Override attributes of a group."
-msgstr "показ параметрів групи"
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
@@ -10375,29 +10937,62 @@ msgstr ""
"<option>--delattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>ДОМЕН</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -10405,43 +11000,43 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "SUDO OPTIONS"
msgid "COMMON OPTIONS"
msgstr "ПАРАМЕТРИ SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
#, fuzzy
#| msgid "This option is not available in IPA provider."
msgid "Those options are available with all commands."
msgstr "Цим параметром не можна скористатися у надавачі даних IPA."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
@@ -11871,6 +12466,46 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
+#| "replaceable>"
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>група</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+#, fuzzy
+#| msgid "Invalidate all cached entries except for sudo rules."
+msgid "Invalidate particular sudo rule."
+msgstr "Скасувати чинність усіх кешованих записів, окрім правил sudo."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--no-remove</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-R</option>,<option>--no-remove</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+"Скасувати визначення всіх записів. Цей параметр має вищий пріоритет за "
+"параметр скасування визначення для будь-якого користувача, якщо такий "
+"параметр вказано."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -11879,7 +12514,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr "Обмежити процедуру скасування визначення лише певним доменом."
@@ -12473,13 +13108,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:41
+#, fuzzy
+#| msgid ""
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use "
+#| "<command>sss_ssh_authorizedkeys</command> for public key user "
+#| "authentication if it is compiled with support for either "
+#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
+#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+#| "manvolnum></citerefentry> options."
msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> можна налаштувати на використання "
@@ -12490,7 +13134,7 @@ msgstr ""
"<quote>PubkeyAgent</quote>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -12500,7 +13144,7 @@ msgstr ""
" AuthorizedKeysCommandUser nobody\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -12516,31 +13160,8 @@ msgstr ""
"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
"\" id=\"0\"/>"
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-"Якщо передбачено підтримку <quote>PubkeyAgent</quote>, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> може бути налаштовано на використання ключів за допомогою "
-"такої інструкції <citerefentry> <refentrytitle>sshd</refentrytitle> "
-"<manvolnum>8</manvolnum></citerefentry>: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -12548,12 +13169,12 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr "СТАН ВИХОДУ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -13080,7 +13701,7 @@ msgstr ""
"меншим або рівним <quote>ldap_idmap_range_min</quote>"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr "Типове значення: 200000"
@@ -13149,17 +13770,23 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:179
+#, fuzzy
+#| msgid ""
+#| "For example, if your most recently-added Active Directory user has "
+#| "objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+#| "<quote>ldap_idmap_range_size</quote> must be at least 1107."
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
"Приклад: якщо найсвіжішим доданим користувачем Active Directory є користувач "
"з objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
"«ldap_idmap_range_size» повинне мати значення, яке є не меншим за 1107."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -13171,12 +13798,12 @@ msgstr ""
"користувачів."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (рядок)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -13187,22 +13814,22 @@ msgstr ""
"ідентифікаторів без використання алгоритму murmurhash описаного вище."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (рядок)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr "Вказати назву типового домену."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (булеве значення)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -13212,7 +13839,7 @@ msgstr ""
"<quote>idmap_autorid</quote> winbind."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -13221,7 +13848,7 @@ msgstr ""
"нульового зрізу з поступовим зростанням номерів на кожен додатковий домен."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -13235,13 +13862,36 @@ msgstr ""
"<quote>ldap_idmap_default_domain_sid</quote> з метою гарантування "
"послідовного призначення принаймні одного домену до нульового зрізу."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_idmap_range_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_idmap_range_size (ціле число)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr "Добре відомі SID"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -13255,7 +13905,7 @@ msgstr ""
"немає."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
@@ -13264,37 +13914,37 @@ msgstr ""
"домени. Службами сертифікації для добре відомих (Well-Known) SID є"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr "Фіктивна служба сертифікації (Null Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr "Загальна служба сертифікації (World Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr "Локальна служба сертифікації (Local Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr "Авторська служба сертифікації (Creator Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr "Служба сертифікації NT (NT Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr "Вбудована (Built-in)"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
@@ -13303,7 +13953,7 @@ msgstr ""
"доменів для повернення повних назв добре відомих (Well-Known) SID."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
@@ -13834,6 +14484,27 @@ msgid "Default: /home"
msgstr "Типове значення: /home"
#~ msgid ""
+#~ "Specifies the comma-separated list of UID values or user names that are "
+#~ "allowed to access the PAM responder. User names are resolved to UIDs at "
+#~ "startup."
+#~ msgstr ""
+#~ "Визначає список значень UID або імен користувачів, відокремлених "
+#~ "комами. \n"
+#~ "Користувачам з цього списку буде дозволено доступ до відповідача PAM. UID "
+#~ "за \n"
+#~ "іменами користувачів визначатимуться під час запуску."
+
+#~ msgid ""
+#~ "If user is authenticating using SSH keys and account is expired then by "
+#~ "default 'Permission denied' is output. This output will be changed to "
+#~ "content of this variable if it is set."
+#~ msgstr ""
+#~ "Якщо користувач проходить розпізнавання за допомогою ключів SSH, а строк "
+#~ "дії облікового запису вичерпано, буде виведено типове повідомлення про "
+#~ "заборону доступу («Permission denied»). Це повідомлення буде змінено на "
+#~ "вміст змінної, якщо її значення буде встановлено."
+
+#~ msgid ""
#~ "Please note that the default values correspond to the default schema "
#~ "which is RFC2307."
#~ msgstr ""
@@ -13847,3 +14518,21 @@ msgstr "Типове значення: /home"
#~ msgstr ""
#~ "ЗАУВАЖЕННЯ: для цього параметра у поточній версії передбачено підтримку "
#~ "лише одного інтерфейсу."
+
+#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+
+#~ msgid ""
+#~ "If <quote>PubkeyAgent</quote> is supported, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> can be configured to use it by using the "
+#~ "following directive for <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
+#~ msgstr ""
+#~ "Якщо передбачено підтримку <quote>PubkeyAgent</quote>, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> може бути налаштовано на використання ключів за "
+#~ "допомогою такої інструкції <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry>: <placeholder type="
+#~ "\"programlisting\" id=\"0\"/>"
diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po
index debfd4624..1d7f9d244 100644
--- a/src/man/po/zh_CN.po
+++ b/src/man/po/zh_CN.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
@@ -18,7 +18,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -61,7 +61,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -80,11 +80,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "选项"
@@ -221,113 +221,128 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "服务"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -336,29 +351,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "默认: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -368,19 +383,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -388,12 +403,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -401,58 +416,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -461,7 +476,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -469,69 +484,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -541,7 +556,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -551,20 +566,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -574,7 +589,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -583,12 +598,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -599,12 +699,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "服务部分"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -613,22 +713,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "基本服务配置选项"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "这些选项可被用于配置任何服务。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -638,17 +738,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -656,19 +756,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -678,12 +778,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -691,117 +791,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -809,7 +857,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -819,7 +867,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -828,17 +876,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -846,60 +894,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -907,23 +981,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -931,47 +1005,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -979,103 +1053,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1086,72 +1167,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1159,59 +1240,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1219,7 +1300,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1228,17 +1309,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1246,117 +1327,183 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1367,34 +1514,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1402,68 +1549,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1475,7 +1622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1486,24 +1633,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1511,12 +1658,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1524,25 +1671,37 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1551,46 +1710,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1602,14 +1761,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1618,39 +1777,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1659,19 +1818,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1682,151 +1841,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1834,24 +1993,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1860,17 +2019,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1879,33 +2038,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1913,8 +2072,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1923,8 +2082,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1932,19 +2091,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1953,7 +2112,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1961,22 +2120,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1988,7 +2147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1996,19 +2155,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2016,7 +2175,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2024,30 +2183,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2055,19 +2214,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2076,24 +2235,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2101,7 +2273,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2109,35 +2281,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2145,32 +2317,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2181,12 +2353,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2194,7 +2366,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2202,31 +2374,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2234,7 +2406,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2243,23 +2415,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2267,7 +2439,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2275,24 +2447,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2300,12 +2480,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2315,7 +2495,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2324,29 +2504,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2354,7 +2534,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2362,66 +2542,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2429,70 +2609,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2500,7 +2680,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2508,41 +2688,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2552,34 +2776,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2587,12 +2811,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2600,7 +2824,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2608,49 +2832,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2658,73 +2896,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2732,17 +2970,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2751,17 +2989,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2769,17 +3007,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2787,19 +3025,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2829,7 +3067,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2875,7 +3113,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2975,8 +3213,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3265,14 +3503,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3667,8 +3905,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3872,19 +4110,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3894,26 +4149,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3921,14 +4177,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3936,7 +4192,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3944,19 +4200,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3964,168 +4214,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4133,7 +4383,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4141,12 +4391,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4154,12 +4404,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4170,12 +4420,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4184,12 +4434,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4198,34 +4448,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4233,14 +4483,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4248,17 +4498,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4268,12 +4518,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4281,17 +4531,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4299,13 +4549,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4314,7 +4564,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4322,26 +4572,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4349,7 +4599,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4357,7 +4607,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4365,41 +4615,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4408,32 +4658,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4441,24 +4691,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4466,17 +4716,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4487,29 +4737,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4518,17 +4768,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4536,49 +4786,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4586,27 +4836,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4618,7 +4868,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4626,7 +4876,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4634,39 +4884,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4676,7 +4926,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4684,26 +4934,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4711,7 +4961,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4719,31 +4969,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4752,56 +5002,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4817,12 +5067,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4831,14 +5081,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4847,24 +5097,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4872,19 +5122,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4893,7 +5143,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4901,7 +5151,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4910,7 +5160,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4918,22 +5168,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4943,14 +5193,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4963,12 +5213,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4978,7 +5228,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4988,49 +5238,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5039,74 +5289,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5117,7 +5367,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5125,24 +5375,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5157,12 +5407,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5170,208 +5420,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5379,101 +5629,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5482,110 +5732,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: 3"
msgid "Default: automount"
msgstr "默认: 3"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5594,32 +5844,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5628,22 +5878,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5652,7 +5902,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5660,7 +5910,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5673,26 +5923,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5708,13 +5958,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5749,11 +5999,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5761,34 +6012,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5796,31 +6047,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5828,36 +6079,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5865,7 +6116,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5874,25 +6125,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5900,7 +6182,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5912,7 +6194,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6071,7 +6353,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6219,7 +6501,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6227,14 +6509,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6249,12 +6531,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6275,12 +6557,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6304,7 +6586,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6314,7 +6596,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6331,12 +6613,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6344,12 +6626,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6368,50 +6650,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6521,7 +6803,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6595,26 +6877,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6633,7 +6915,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6931,13 +7213,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6947,15 +7230,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6963,7 +7246,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6976,7 +7259,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6984,53 +7267,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7038,19 +7333,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7061,12 +7356,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7075,7 +7370,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7084,7 +7379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7093,14 +7388,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7109,7 +7404,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7124,29 +7419,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7155,7 +7450,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7164,12 +7459,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7179,14 +7474,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7199,23 +7494,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7223,22 +7518,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7246,12 +7541,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7259,14 +7554,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7274,7 +7569,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7286,53 +7581,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7340,7 +7660,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7348,7 +7668,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7356,7 +7676,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7368,17 +7688,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7386,7 +7711,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7394,7 +7719,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7402,7 +7727,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7414,22 +7739,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7437,14 +7762,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7452,7 +7777,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7464,17 +7789,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7482,14 +7807,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7497,7 +7822,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7508,19 +7833,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7528,7 +7853,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7540,34 +7865,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7575,12 +7905,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7593,52 +7923,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 30 days"
+msgstr "默认: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7649,36 +8019,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7686,7 +8056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7701,7 +8071,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7710,7 +8080,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7718,7 +8088,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7727,6 +8097,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8185,7 +8563,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8244,17 +8622,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8262,50 +8645,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8313,29 +8726,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8343,39 +8756,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8383,41 +8825,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "OPTIONS"
msgid "COMMON OPTIONS"
msgstr "选项"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid ""
#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
@@ -9564,13 +10006,49 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
+"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid ""
+#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10050,13 +10528,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10064,7 +10542,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10074,36 +10552,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10490,7 +10951,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10547,11 +11008,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10559,12 +11021,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10572,36 +11034,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10610,13 +11072,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10625,51 +11108,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
generated by cgit (git 2.34.1) at 2024-05-04 08:34:16 +0000